./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2128999246 <...> Warning: Permanently added '10.128.1.131' (ED25519) to the list of known hosts. execve("./syz-executor2128999246", ["./syz-executor2128999246"], 0x7ffe76fd57c0 /* 10 vars */) = 0 brk(NULL) = 0x555556eda000 brk(0x555556edad40) = 0x555556edad40 arch_prctl(ARCH_SET_FS, 0x555556eda3c0) = 0 set_tid_address(0x555556eda690) = 5024 set_robust_list(0x555556eda6a0, 24) = 0 rseq(0x555556edace0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2128999246", 4096) = 28 getrandom("\x9b\x59\xfd\xfe\x23\xc8\xc4\x23", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556edad40 brk(0x555556efbd40) = 0x555556efbd40 brk(0x555556efc000) = 0x555556efc000 mprotect(0x7f81bb283000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.p0uXmg", 0700) = 0 chmod("./syzkaller.p0uXmg", 0777) = 0 chdir("./syzkaller.p0uXmg") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5025 ./strace-static-x86_64: Process 5025 attached [pid 5025] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5025] chdir("./0") = 0 [pid 5025] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5025] setpgid(0, 0) = 0 [pid 5025] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5025] write(3, "1000", 4) = 4 [pid 5025] close(3) = 0 [pid 5025] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5025] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5025] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5025] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5025] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5025] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5025] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5025] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5026 attached => {parent_tid=[5026]}, 88) = 5026 [pid 5025] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5025] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5025] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5025] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5025] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5026] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5026] set_robust_list(0x7f81bb1be9a0, 24 [pid 5025] <... mprotect resumed>) = 0 [pid 5026] <... set_robust_list resumed>) = 0 [pid 5026] rt_sigprocmask(SIG_SETMASK, [], [pid 5025] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5026] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5026] memfd_create("syzkaller", 0 [pid 5025] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5025] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5028]}, 88) = 5028 [pid 5025] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5025] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5025] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5028 attached [pid 5028] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5026] <... memfd_create resumed>) = 3 [pid 5028] set_robust_list(0x7f81bb19d9a0, 24 [pid 5026] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5028] <... set_robust_list resumed>) = 0 [pid 5026] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5028] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5028] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5028] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5025] <... futex resumed>) = 0 [pid 5028] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5025] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5025] <... futex resumed>) = 0 [pid 5028] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5025] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5028] <... mount resumed>) = 0 [pid 5028] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] <... futex resumed>) = 0 [pid 5025] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5025] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5028] <... futex resumed>) = 1 [pid 5028] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5028] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] <... futex resumed>) = 0 [pid 5025] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5025] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5028] <... futex resumed>) = 1 [pid 5028] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5028] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5025] <... futex resumed>) = 0 [pid 5028] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5026] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5026] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5026] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5026] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5026] close(3) = 0 [pid 5026] mkdir("./file1", 0777) = 0 [ 51.696396][ T5026] syz-executor212[5026]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 51.709687][ T28] audit: type=1800 audit(1693866682.451:2): pid=5028 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 51.716301][ T5026] loop0: detected capacity change from 0 to 512 [pid 5026] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5026] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5026] chdir("./file1") = 0 [pid 5026] ioctl(6, LOOP_CLR_FD) = 0 [pid 5026] close(6) = 0 [pid 5026] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5026] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5025] exit_group(0 [pid 5028] <... futex resumed>) = ? [pid 5026] <... futex resumed>) = ? [pid 5025] <... exit_group resumed>) = ? [pid 5028] +++ exited with 0 +++ [pid 5026] +++ exited with 0 +++ [pid 5025] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5025, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/bus") = 0 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 [ 51.748609][ T5026] EXT4-fs (loop0): 1 orphan inode deleted [ 51.754517][ T5026] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 51.767470][ T5026] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/0/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5032 ./strace-static-x86_64: Process 5032 attached [pid 5032] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5032] chdir("./1") = 0 [pid 5032] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5032] setpgid(0, 0) = 0 [pid 5032] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5032] write(3, "1000", 4) = 4 [pid 5032] close(3) = 0 [pid 5032] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5032] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5032] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5032] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5032] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5032] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5032] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5032] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5033 attached [pid 5033] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5032] <... clone3 resumed> => {parent_tid=[5033]}, 88) = 5033 [pid 5033] <... rseq resumed>) = 0 [pid 5033] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5033] rt_sigprocmask(SIG_SETMASK, [], [pid 5032] rt_sigprocmask(SIG_SETMASK, [], [pid 5033] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5033] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5032] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5032] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5033] <... futex resumed>) = 0 [pid 5032] <... futex resumed>) = 1 [pid 5032] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5032] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5033] memfd_create("syzkaller", 0 [pid 5032] <... mmap resumed>) = 0x7f81bb17d000 [pid 5032] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5032] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5032] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5034 attached [pid 5034] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5032] <... clone3 resumed> => {parent_tid=[5034]}, 88) = 5034 [pid 5034] <... rseq resumed>) = 0 [pid 5032] rt_sigprocmask(SIG_SETMASK, [], [pid 5034] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5032] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5034] rt_sigprocmask(SIG_SETMASK, [], [pid 5032] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5032] <... futex resumed>) = 0 [pid 5034] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5032] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5034] <... open resumed>) = 3 [pid 5034] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5032] <... futex resumed>) = 0 [pid 5032] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5032] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5034] <... futex resumed>) = 1 [pid 5034] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5034] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5032] <... futex resumed>) = 0 [pid 5032] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5032] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5034] <... futex resumed>) = 1 [pid 5034] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 4 [pid 5034] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5032] <... futex resumed>) = 0 [pid 5032] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 51.798163][ T5024] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.838079][ T5033] syz-executor212[5033]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [pid 5034] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5032] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5034] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5034] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5032] <... futex resumed>) = 0 [pid 5034] <... futex resumed>) = 1 [pid 5034] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5033] <... memfd_create resumed>) = 5 [pid 5033] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5033] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5033] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5033] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5033] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 5033] close(5) = 0 [pid 5033] mkdir("./file1", 0777) = 0 [ 51.848072][ T28] audit: type=1800 audit(1693866682.581:3): pid=5034 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 51.859091][ T5033] loop0: detected capacity change from 0 to 512 [ 51.888107][ T5033] EXT4-fs (loop0): 1 orphan inode deleted [pid 5033] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5033] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 5 [pid 5033] chdir("./file1") = 0 [pid 5033] ioctl(6, LOOP_CLR_FD) = 0 [pid 5033] close(6) = 0 [pid 5033] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5033] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5032] exit_group(0 [pid 5033] <... futex resumed>) = ? [pid 5032] <... exit_group resumed>) = ? [pid 5033] +++ exited with 0 +++ [pid 5034] <... futex resumed>) = ? [pid 5034] +++ exited with 0 +++ [pid 5032] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5032, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/bus") = 0 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 [ 51.894023][ T5033] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 51.907005][ T5033] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/1/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5037 attached , child_tidptr=0x555556eda690) = 5037 [pid 5037] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5037] chdir("./2") = 0 [pid 5037] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5037] setpgid(0, 0) = 0 [pid 5037] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5037] write(3, "1000", 4) = 4 [pid 5037] close(3) = 0 [pid 5037] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5037] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 51.953384][ T5024] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5037] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5037] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5037] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5037] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5037] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5037] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0} => {parent_tid=[5038]}, 88) = 5038 ./strace-static-x86_64: Process 5038 attached [pid 5038] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5037] rt_sigprocmask(SIG_SETMASK, [], [pid 5038] <... rseq resumed>) = 0 [pid 5038] set_robust_list(0x7f81bb1be9a0, 24 [pid 5037] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5038] <... set_robust_list resumed>) = 0 [pid 5037] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5038] rt_sigprocmask(SIG_SETMASK, [], [pid 5037] <... futex resumed>) = 0 [pid 5038] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5037] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5037] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5037] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5038] memfd_create("syzkaller", 0 [pid 5037] <... mprotect resumed>) = 0 [pid 5037] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5037] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5039]}, 88) = 5039 [pid 5037] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5037] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5037] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5039 attached [pid 5039] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5039] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5039] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5039] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 3 [pid 5039] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5037] <... futex resumed>) = 0 [pid 5037] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5037] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5039] <... mount resumed>) = 0 [pid 5039] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5037] <... futex resumed>) = 0 [pid 5039] <... futex resumed>) = 1 [pid 5037] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5038] <... memfd_create resumed>) = 4 [pid 5037] <... futex resumed>) = 0 [pid 5038] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5037] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5038] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5039] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5037] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5039] <... futex resumed>) = 0 [pid 5039] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5037] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5037] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5039] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5038] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5039] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5039] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5037] <... futex resumed>) = 0 [pid 5039] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5038] <... write resumed>) = 262144 [pid 5038] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5038] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5038] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 5038] close(4) = 0 [pid 5038] mkdir("./file1", 0777) = 0 [ 52.030414][ T5038] syz-executor212[5038]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 52.037212][ T28] audit: type=1800 audit(1693866682.771:4): pid=5039 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 52.065752][ T5038] loop0: detected capacity change from 0 to 512 [pid 5038] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5038] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5038] chdir("./file1") = 0 [pid 5038] ioctl(6, LOOP_CLR_FD) = 0 [pid 5038] close(6) = 0 [pid 5038] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5038] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5037] exit_group(0 [pid 5038] <... futex resumed>) = ? [pid 5039] <... futex resumed>) = ? [pid 5038] +++ exited with 0 +++ [pid 5039] +++ exited with 0 +++ [pid 5037] <... exit_group resumed>) = ? [pid 5037] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5037, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/bus") = 0 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 [ 52.087832][ T5038] EXT4-fs (loop0): 1 orphan inode deleted [ 52.093725][ T5038] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 52.106860][ T5038] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/2/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5042 attached , child_tidptr=0x555556eda690) = 5042 [pid 5042] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5042] chdir("./3") = 0 [pid 5042] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5042] setpgid(0, 0) = 0 [pid 5042] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5042] write(3, "1000", 4) = 4 [pid 5042] close(3) = 0 [pid 5042] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5042] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5042] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5042] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5042] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5042] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5042] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5042] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5043 attached [pid 5043] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5042] <... clone3 resumed> => {parent_tid=[5043]}, 88) = 5043 [pid 5043] <... rseq resumed>) = 0 [pid 5042] rt_sigprocmask(SIG_SETMASK, [], [pid 5043] set_robust_list(0x7f81bb1be9a0, 24 [pid 5042] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5043] <... set_robust_list resumed>) = 0 [pid 5042] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5043] rt_sigprocmask(SIG_SETMASK, [], [pid 5042] <... futex resumed>) = 0 [pid 5043] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 52.141259][ T5024] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5042] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5043] memfd_create("syzkaller", 0 [pid 5042] <... futex resumed>) = 0 [pid 5042] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5042] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5042] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5042] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} [pid 5043] <... memfd_create resumed>) = 3 ./strace-static-x86_64: Process 5044 attached [pid 5043] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5044] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5043] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5042] <... clone3 resumed> => {parent_tid=[5044]}, 88) = 5044 [pid 5044] <... rseq resumed>) = 0 [pid 5042] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5042] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5042] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5044] set_robust_list(0x7f81bb19d9a0, 24 [pid 5043] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5044] <... set_robust_list resumed>) = 0 [pid 5044] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5044] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5044] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5043] <... write resumed>) = 262144 [pid 5044] <... futex resumed>) = 1 [pid 5043] munmap(0x7f81b2d7d000, 262144 [pid 5044] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5042] <... futex resumed>) = 0 [pid 5042] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5043] <... munmap resumed>) = 0 [pid 5042] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5044] <... futex resumed>) = 0 [pid 5044] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5043] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5043] ioctl(5, LOOP_SET_FD, 3 [pid 5044] <... mount resumed>) = 0 [pid 5044] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5042] <... futex resumed>) = 0 [pid 5042] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5042] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5044] <... futex resumed>) = 1 [pid 5044] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5044] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5042] <... futex resumed>) = 0 [pid 5042] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5042] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5044] <... futex resumed>) = 1 [ 52.187736][ T5043] syz-executor212[5043]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 52.205199][ T28] audit: type=1800 audit(1693866682.951:5): pid=5044 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 52.227456][ T5043] loop0: detected capacity change from 0 to 512 [pid 5044] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5043] <... ioctl resumed>) = 0 [pid 5043] close(3) = 0 [pid 5043] mkdir("./file1", 0777) = 0 [pid 5043] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5044] <... write resumed>) = -1 EIO (Input/output error) [pid 5044] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5042] <... futex resumed>) = 0 [pid 5044] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5043] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5043] ioctl(5, LOOP_CLR_FD) = 0 [pid 5043] close(5) = 0 [pid 5043] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5043] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5042] exit_group(0 [pid 5043] <... futex resumed>) = ? [pid 5043] +++ exited with 0 +++ [pid 5042] <... exit_group resumed>) = ? [pid 5044] <... futex resumed>) = ? [pid 5044] +++ exited with 0 +++ [pid 5042] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5042, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/bus") = 0 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5045 attached , child_tidptr=0x555556eda690) = 5045 [pid 5045] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5045] chdir("./4") = 0 [pid 5045] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5045] setpgid(0, 0) = 0 [ 52.232760][ T5044] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 52.243585][ T5044] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 52.256682][ T5043] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5045] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5045] write(3, "1000", 4) = 4 [pid 5045] close(3) = 0 [pid 5045] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5045] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5045] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5045] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5045] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5045] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5045] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5045] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0} => {parent_tid=[5046]}, 88) = 5046 [pid 5045] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5045] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5045] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5045] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5045] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 ./strace-static-x86_64: Process 5046 attached [pid 5046] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5045] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5046] <... rseq resumed>) = 0 [pid 5045] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5046] set_robust_list(0x7f81bb1be9a0, 24 [pid 5045] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} [pid 5046] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 5047 attached [pid 5046] rt_sigprocmask(SIG_SETMASK, [], [pid 5047] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5046] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5045] <... clone3 resumed> => {parent_tid=[5047]}, 88) = 5047 [pid 5047] set_robust_list(0x7f81bb19d9a0, 24 [pid 5046] memfd_create("syzkaller", 0 [pid 5045] rt_sigprocmask(SIG_SETMASK, [], [pid 5047] <... set_robust_list resumed>) = 0 [pid 5045] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5045] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5045] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5047] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5047] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 3 [pid 5047] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5046] <... memfd_create resumed>) = 4 [pid 5047] <... futex resumed>) = 1 [pid 5046] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5047] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5045] <... futex resumed>) = 0 [pid 5045] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5047] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5046] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5047] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5045] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5047] <... mount resumed>) = 0 [pid 5047] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5045] <... futex resumed>) = 0 [pid 5047] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5045] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5047] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5045] <... futex resumed>) = 0 [pid 5047] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5045] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5047] <... open resumed>) = 5 [pid 5047] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5045] <... futex resumed>) = 0 [pid 5045] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5047] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5045] <... futex resumed>) = 0 [pid 5047] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5045] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5047] <... futex resumed>) = 0 [pid 5045] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5047] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5046] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5046] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5046] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5046] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 5046] close(4) = 0 [pid 5046] mkdir("./file1", 0777) = 0 [ 52.308644][ T5046] syz-executor212[5046]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 52.311134][ T28] audit: type=1800 audit(1693866683.051:6): pid=5047 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 52.346229][ T5046] loop0: detected capacity change from 0 to 512 [pid 5046] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5046] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5046] chdir("./file1") = 0 [pid 5046] ioctl(6, LOOP_CLR_FD) = 0 [pid 5046] close(6) = 0 [pid 5046] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5046] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5045] exit_group(0) = ? [pid 5047] <... futex resumed>) = ? [pid 5046] <... futex resumed>) = ? [pid 5047] +++ exited with 0 +++ [pid 5046] +++ exited with 0 +++ [pid 5045] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5045, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/bus") = 0 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 [ 52.367583][ T5046] EXT4-fs (loop0): 1 orphan inode deleted [ 52.373482][ T5046] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 52.386351][ T5046] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/4/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5050 ./strace-static-x86_64: Process 5050 attached [pid 5050] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5050] chdir("./5") = 0 [pid 5050] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5050] setpgid(0, 0) = 0 [pid 5050] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5050] write(3, "1000", 4) = 4 [pid 5050] close(3) = 0 [pid 5050] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5050] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5050] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5050] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5050] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5050] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5050] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0} => {parent_tid=[5051]}, 88) = 5051 [pid 5050] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5050] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5051 attached [pid 5051] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5050] <... futex resumed>) = 0 [pid 5051] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5050] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5051] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5050] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5051] memfd_create("syzkaller", 0 [pid 5050] <... mmap resumed>) = 0x7f81bb17d000 [pid 5050] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5050] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5050] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5052]}, 88) = 5052 [pid 5050] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5050] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5052 attached [pid 5052] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5051] <... memfd_create resumed>) = 3 [pid 5052] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5051] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5052] rt_sigprocmask(SIG_SETMASK, [], [pid 5051] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5052] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5052] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5051] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5052] <... open resumed>) = 4 [pid 5051] <... write resumed>) = 262144 [ 52.416233][ T5024] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.457194][ T5051] syz-executor212[5051]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [pid 5051] munmap(0x7f81b2d7d000, 262144 [pid 5052] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5051] <... munmap resumed>) = 0 [pid 5052] <... futex resumed>) = 1 [pid 5051] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5052] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5051] <... openat resumed>) = 5 [pid 5051] ioctl(5, LOOP_SET_FD, 3 [pid 5050] <... futex resumed>) = 0 [pid 5050] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5050] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5052] <... futex resumed>) = 0 [pid 5052] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5052] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5050] <... futex resumed>) = 0 [pid 5050] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5052] <... futex resumed>) = 1 [pid 5052] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5051] <... ioctl resumed>) = 0 [pid 5051] close(3) = 0 [pid 5051] mkdir("./file1", 0777 [pid 5052] <... open resumed>) = 6 [pid 5051] <... mkdir resumed>) = 0 [pid 5052] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5051] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5050] <... futex resumed>) = 0 [pid 5050] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5052] <... futex resumed>) = 1 [pid 5052] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 5052] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5050] <... futex resumed>) = 0 [ 52.473096][ T28] audit: type=1800 audit(1693866683.211:7): pid=5052 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 52.493811][ T5051] loop0: detected capacity change from 0 to 512 [pid 5052] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5051] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5051] ioctl(5, LOOP_CLR_FD) = 0 [pid 5051] close(5) = 0 [pid 5051] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] exit_group(0 [pid 5052] <... futex resumed>) = ? [pid 5050] <... exit_group resumed>) = ? [pid 5052] +++ exited with 0 +++ [pid 5051] +++ exited with 0 +++ [pid 5050] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5050, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/bus") = 0 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5053 attached , child_tidptr=0x555556eda690) = 5053 [pid 5053] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5053] chdir("./6") = 0 [pid 5053] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5053] setpgid(0, 0) = 0 [pid 5053] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5053] write(3, "1000", 4) = 4 [pid 5053] close(3) = 0 [ 52.515393][ T5051] EXT4-fs warning (device loop0): read_mmp_block:115: Error -117 while reading MMP block 8 [pid 5053] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5053] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5053] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5053] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5053] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5053] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5053] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5053] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5054 attached => {parent_tid=[5054]}, 88) = 5054 [pid 5054] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5053] rt_sigprocmask(SIG_SETMASK, [], [pid 5054] set_robust_list(0x7f81bb1be9a0, 24 [pid 5053] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5054] <... set_robust_list resumed>) = 0 [pid 5053] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5054] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5053] <... futex resumed>) = 0 [pid 5054] memfd_create("syzkaller", 0 [pid 5053] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5053] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5053] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5053] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5053] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5055]}, 88) = 5055 ./strace-static-x86_64: Process 5055 attached [pid 5053] rt_sigprocmask(SIG_SETMASK, [], [pid 5055] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5053] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5053] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5053] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5054] <... memfd_create resumed>) = 3 [pid 5054] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5055] <... rseq resumed>) = 0 [pid 5055] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5055] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5055] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5054] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5054] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5054] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5054] ioctl(5, LOOP_SET_FD, 3 [pid 5055] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5053] <... futex resumed>) = 0 [pid 5053] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5053] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5054] <... ioctl resumed>) = 0 [pid 5054] close(3) = 0 [pid 5054] mkdir("./file1", 0777 [pid 5055] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5054] <... mkdir resumed>) = 0 [pid 5054] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5055] <... mount resumed>) = 0 [pid 5055] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5053] <... futex resumed>) = 0 [pid 5055] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5053] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5053] <... futex resumed>) = 0 [pid 5053] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 3 [pid 5055] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5053] <... futex resumed>) = 0 [pid 5053] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5053] <... futex resumed>) = 0 [pid 5053] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] <... write resumed>) = 262144 [pid 5055] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5053] <... futex resumed>) = 0 [pid 5055] <... futex resumed>) = 1 [ 52.549105][ T5054] syz-executor212[5054]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 52.562995][ T28] audit: type=1800 audit(1693866683.301:8): pid=5055 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 52.567113][ T5054] loop0: detected capacity change from 0 to 512 [pid 5055] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5054] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5054] ioctl(5, LOOP_CLR_FD) = 0 [pid 5054] close(5) = 0 [pid 5054] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5054] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5053] exit_group(0 [pid 5055] <... futex resumed>) = ? [pid 5054] <... futex resumed>) = ? [pid 5055] +++ exited with 0 +++ [pid 5054] +++ exited with 0 +++ [pid 5053] <... exit_group resumed>) = ? [pid 5053] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5053, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/bus") = 0 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5056 attached , child_tidptr=0x555556eda690) = 5056 [pid 5056] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5056] chdir("./7") = 0 [pid 5056] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5056] setpgid(0, 0) = 0 [pid 5056] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5056] write(3, "1000", 4) = 4 [pid 5056] close(3) = 0 [ 52.613864][ T5054] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 52.623655][ T5054] EXT4-fs (loop0): group descriptors corrupted! [pid 5056] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5056] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5056] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5056] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5056] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5056] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5056] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5057 attached [pid 5057] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5056] <... clone3 resumed> => {parent_tid=[5057]}, 88) = 5057 [pid 5057] <... rseq resumed>) = 0 [pid 5056] rt_sigprocmask(SIG_SETMASK, [], [pid 5057] set_robust_list(0x7f81bb1be9a0, 24 [pid 5056] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5057] <... set_robust_list resumed>) = 0 [pid 5056] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5057] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5056] <... futex resumed>) = 0 [pid 5057] memfd_create("syzkaller", 0 [pid 5056] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5056] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5056] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5056] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5058]}, 88) = 5058 [pid 5056] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5056] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5058 attached [pid 5058] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5058] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5058] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5058] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 3 [pid 5058] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5056] <... futex resumed>) = 0 [pid 5056] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5058] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5058] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5056] <... futex resumed>) = 0 [pid 5056] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5058] <... futex resumed>) = 1 [pid 5058] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 4 [pid 5058] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5056] <... futex resumed>) = 0 [pid 5056] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5058] <... futex resumed>) = 1 [pid 5058] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5058] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5056] <... futex resumed>) = 0 [pid 5058] <... futex resumed>) = 1 [pid 5058] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5057] <... memfd_create resumed>) = 5 [pid 5057] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5057] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5057] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5057] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5057] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 5057] close(5) = 0 [pid 5057] mkdir("./file1", 0777) = 0 [ 52.654293][ T5057] syz-executor212[5057]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 52.670924][ T28] audit: type=1800 audit(1693866683.411:9): pid=5058 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 52.676328][ T5057] loop0: detected capacity change from 0 to 512 [pid 5057] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5057] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 5 [pid 5057] chdir("./file1") = 0 [pid 5057] ioctl(6, LOOP_CLR_FD) = 0 [pid 5057] close(6) = 0 [pid 5057] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5056] exit_group(0 [pid 5057] <... futex resumed>) = 0 [pid 5057] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5058] <... futex resumed>) = ? [pid 5056] <... exit_group resumed>) = ? [pid 5057] <... futex resumed>) = ? [pid 5058] +++ exited with 0 +++ [pid 5057] +++ exited with 0 +++ [pid 5056] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5056, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/bus") = 0 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 [ 52.728033][ T5057] EXT4-fs (loop0): 1 orphan inode deleted [ 52.733772][ T5057] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 52.746665][ T5057] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/7/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5061 attached , child_tidptr=0x555556eda690) = 5061 [pid 5061] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5061] chdir("./8") = 0 [pid 5061] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5061] setpgid(0, 0) = 0 [pid 5061] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5061] write(3, "1000", 4) = 4 [pid 5061] close(3) = 0 [pid 5061] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5061] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5061] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5061] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5061] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5061] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5061] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5061] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5062 attached [pid 5062] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5062] set_robust_list(0x7f81bb1be9a0, 24 [pid 5061] <... clone3 resumed> => {parent_tid=[5062]}, 88) = 5062 [pid 5062] <... set_robust_list resumed>) = 0 [pid 5061] rt_sigprocmask(SIG_SETMASK, [], [pid 5062] rt_sigprocmask(SIG_SETMASK, [], [pid 5061] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5061] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] memfd_create("syzkaller", 0 [pid 5061] <... futex resumed>) = 0 [ 52.791258][ T5024] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5061] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5061] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5061] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5061] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5061] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5063]}, 88) = 5063 [pid 5061] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5061] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5061] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5063 attached [pid 5063] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5063] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5063] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5063] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 3 [pid 5062] <... memfd_create resumed>) = 4 [pid 5062] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5062] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5062] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5062] ioctl(5, LOOP_SET_FD, 4 [pid 5063] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5061] <... futex resumed>) = 0 [pid 5063] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5061] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5061] <... futex resumed>) = 0 [pid 5063] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5061] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] <... mount resumed>) = 0 [pid 5063] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] <... ioctl resumed>) = 0 [pid 5061] <... futex resumed>) = 0 [pid 5063] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5061] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5061] <... futex resumed>) = 0 [pid 5063] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5062] close(4 [pid 5061] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] <... open resumed>) = 6 [pid 5062] <... close resumed>) = 0 [pid 5063] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5061] <... futex resumed>) = 0 [pid 5063] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5061] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5062] mkdir("./file1", 0777 [pid 5061] <... futex resumed>) = 0 [pid 5063] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5062] <... mkdir resumed>) = 0 [pid 5061] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 52.832866][ T5062] syz-executor212[5062]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 52.842278][ T28] audit: type=1800 audit(1693866683.581:10): pid=5063 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 52.859411][ T5062] loop0: detected capacity change from 0 to 512 [pid 5062] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5063] <... write resumed>) = 262144 [pid 5063] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5063] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5061] <... futex resumed>) = 0 [pid 5062] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5062] ioctl(5, LOOP_CLR_FD) = 0 [pid 5062] close(5) = 0 [pid 5062] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5061] exit_group(0 [pid 5063] <... futex resumed>) = ? [pid 5061] <... exit_group resumed>) = ? [pid 5063] +++ exited with 0 +++ [pid 5062] +++ exited with 0 +++ [pid 5061] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5061, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/bus") = 0 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 52.877114][ T5062] EXT4-fs (loop0): VFS: Can't find ext4 filesystem ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5064 ./strace-static-x86_64: Process 5064 attached [pid 5064] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5064] chdir("./9") = 0 [pid 5064] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5064] setpgid(0, 0) = 0 [pid 5064] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5064] write(3, "1000", 4) = 4 [pid 5064] close(3) = 0 [pid 5064] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5064] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5064] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5064] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5064] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5064] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5064] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5064] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5065 attached => {parent_tid=[5065]}, 88) = 5065 [pid 5065] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5064] rt_sigprocmask(SIG_SETMASK, [], [pid 5065] set_robust_list(0x7f81bb1be9a0, 24 [pid 5064] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5065] <... set_robust_list resumed>) = 0 [pid 5064] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] rt_sigprocmask(SIG_SETMASK, [], [pid 5064] <... futex resumed>) = 0 [pid 5065] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] memfd_create("syzkaller", 0 [pid 5064] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5064] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5064] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5064] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5066]}, 88) = 5066 [pid 5064] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5064] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5064] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5066 attached [pid 5066] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5066] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5066] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5066] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 3 [pid 5066] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... memfd_create resumed>) = 4 [pid 5066] <... futex resumed>) = 1 [pid 5066] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5065] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5065] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5064] <... futex resumed>) = 0 [pid 5064] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... futex resumed>) = 0 [pid 5064] <... futex resumed>) = 1 [pid 5066] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5064] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5066] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5064] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5066] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5064] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5064] <... futex resumed>) = 0 [pid 5066] <... open resumed>) = 5 [pid 5066] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5066] <... futex resumed>) = 0 [pid 5066] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5064] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5064] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... futex resumed>) = 0 [pid 5064] <... futex resumed>) = 1 [pid 5066] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5064] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5066] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5066] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5064] <... futex resumed>) = 0 [pid 5066] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5065] <... write resumed>) = 262144 [pid 5065] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5065] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 5065] close(4) = 0 [pid 5065] mkdir("./file1", 0777) = 0 [ 52.947827][ T5065] syz-executor212[5065]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 52.953098][ T28] audit: type=1800 audit(1693866683.691:11): pid=5066 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 52.984750][ T5065] loop0: detected capacity change from 0 to 512 [pid 5065] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5065] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5065] chdir("./file1") = 0 [pid 5065] ioctl(6, LOOP_CLR_FD) = 0 [pid 5065] close(6) = 0 [pid 5065] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5064] exit_group(0) = ? [pid 5066] <... futex resumed>) = ? [pid 5066] +++ exited with 0 +++ [pid 5065] <... futex resumed>) = ? [pid 5065] +++ exited with 0 +++ [pid 5064] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5064, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/bus") = 0 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 [ 52.998032][ T5065] EXT4-fs (loop0): 1 orphan inode deleted [ 53.003765][ T5065] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 53.016363][ T5065] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/9/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5069 ./strace-static-x86_64: Process 5069 attached [pid 5069] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5069] chdir("./10") = 0 [pid 5069] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5069] setpgid(0, 0) = 0 [pid 5069] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5069] write(3, "1000", 4) = 4 [pid 5069] close(3) = 0 [pid 5069] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5069] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5069] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5069] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5069] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5069] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5069] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5070 attached => {parent_tid=[5070]}, 88) = 5070 [pid 5069] rt_sigprocmask(SIG_SETMASK, [], [pid 5070] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5069] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5070] set_robust_list(0x7f81bb1be9a0, 24 [pid 5069] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] <... set_robust_list resumed>) = 0 [pid 5069] <... futex resumed>) = 0 [pid 5070] rt_sigprocmask(SIG_SETMASK, [], [pid 5069] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5070] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5069] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5070] memfd_create("syzkaller", 0 [pid 5069] <... mmap resumed>) = 0x7f81bb17d000 [pid 5069] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5069] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5069] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5071 attached [pid 5071] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5069] <... clone3 resumed> => {parent_tid=[5071]}, 88) = 5071 [pid 5071] set_robust_list(0x7f81bb19d9a0, 24 [pid 5069] rt_sigprocmask(SIG_SETMASK, [], [pid 5071] <... set_robust_list resumed>) = 0 [pid 5069] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5071] rt_sigprocmask(SIG_SETMASK, [], [pid 5069] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5069] <... futex resumed>) = 0 [pid 5071] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5069] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] <... open resumed>) = 3 [pid 5071] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = 0 [pid 5069] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] <... futex resumed>) = 1 [pid 5071] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5071] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = 0 [pid 5069] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] <... futex resumed>) = 1 [pid 5071] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 4 [pid 5071] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = 0 [pid 5069] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 53.050471][ T5024] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5069] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] <... futex resumed>) = 1 [pid 5071] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5071] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = 0 [pid 5071] <... futex resumed>) = 1 [pid 5071] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5070] <... memfd_create resumed>) = 5 [pid 5070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5070] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5070] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5070] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5070] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 5070] close(5) = 0 [pid 5070] mkdir("./file1", 0777) = 0 [ 53.118938][ T5070] loop0: detected capacity change from 0 to 512 [ 53.138316][ T5070] EXT4-fs (loop0): 1 orphan inode deleted [ 53.144097][ T5070] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 53.156904][ T5070] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/10/file1 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5070] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5070] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 5 [pid 5070] chdir("./file1") = 0 [pid 5070] ioctl(6, LOOP_CLR_FD) = 0 [pid 5070] close(6) = 0 [pid 5070] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] exit_group(0 [pid 5071] <... futex resumed>) = ? [pid 5069] <... exit_group resumed>) = ? [pid 5071] +++ exited with 0 +++ [pid 5070] <... futex resumed>) = ? [pid 5070] +++ exited with 0 +++ [pid 5069] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5069, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/bus") = 0 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5074 attached , child_tidptr=0x555556eda690) = 5074 [pid 5074] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5074] chdir("./11") = 0 [pid 5074] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5074] setpgid(0, 0) = 0 [pid 5074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5074] write(3, "1000", 4) = 4 [pid 5074] close(3) = 0 [pid 5074] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5074] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5074] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5074] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5074] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5074] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5074] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5075 attached => {parent_tid=[5075]}, 88) = 5075 [pid 5075] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5074] rt_sigprocmask(SIG_SETMASK, [], [pid 5075] <... rseq resumed>) = 0 [pid 5074] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5075] set_robust_list(0x7f81bb1be9a0, 24 [pid 5074] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... set_robust_list resumed>) = 0 [pid 5074] <... futex resumed>) = 0 [pid 5075] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5074] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] memfd_create("syzkaller", 0 [pid 5074] <... futex resumed>) = 0 [pid 5074] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5075] <... memfd_create resumed>) = 3 [pid 5074] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5074] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5075] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5074] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5076 attached [pid 5075] <... write resumed>) = 262144 [pid 5076] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5075] munmap(0x7f81b2d7d000, 262144 [pid 5074] <... clone3 resumed> => {parent_tid=[5076]}, 88) = 5076 [pid 5076] <... rseq resumed>) = 0 [pid 5074] rt_sigprocmask(SIG_SETMASK, [], [pid 5076] set_robust_list(0x7f81bb19d9a0, 24 [pid 5075] <... munmap resumed>) = 0 [pid 5074] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5076] <... set_robust_list resumed>) = 0 [pid 5075] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5076] rt_sigprocmask(SIG_SETMASK, [], [pid 5074] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5075] <... openat resumed>) = 4 [pid 5074] <... futex resumed>) = 0 [pid 5076] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5075] ioctl(4, LOOP_SET_FD, 3 [pid 5074] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] <... open resumed>) = 5 [pid 5076] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... ioctl resumed>) = 0 [pid 5075] close(3) = 0 [pid 5075] mkdir("./file1", 0777 [pid 5076] <... futex resumed>) = 1 [pid 5075] <... mkdir resumed>) = 0 [pid 5075] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5076] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5076] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] <... futex resumed>) = 1 [pid 5076] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 3 [pid 5076] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] <... futex resumed>) = 1 [ 53.182155][ T5024] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.221265][ T5075] loop0: detected capacity change from 0 to 512 [pid 5076] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 5076] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... futex resumed>) = 0 [pid 5076] <... futex resumed>) = 1 [pid 5076] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5075] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5075] ioctl(4, LOOP_CLR_FD) = 0 [pid 5075] close(4) = 0 [pid 5075] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5074] exit_group(0) = ? [pid 5075] <... futex resumed>) = ? [pid 5075] +++ exited with 0 +++ [pid 5076] <... futex resumed>) = ? [pid 5076] +++ exited with 0 +++ [pid 5074] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5074, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/bus") = 0 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 umount2("./11/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5077 attached [pid 5077] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5077] chdir("./12") = 0 [pid 5077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5024] <... clone resumed>, child_tidptr=0x555556eda690) = 5077 [pid 5077] setpgid(0, 0) = 0 [pid 5077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5077] write(3, "1000", 4) = 4 [pid 5077] close(3) = 0 [pid 5077] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5077] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5077] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5077] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5077] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5077] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5078 attached [pid 5078] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5077] <... clone3 resumed> => {parent_tid=[5078]}, 88) = 5078 [pid 5078] <... rseq resumed>) = 0 [pid 5077] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5077] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5078] rt_sigprocmask(SIG_SETMASK, [], [pid 5077] <... futex resumed>) = 0 [pid 5078] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5078] memfd_create("syzkaller", 0) = 3 [pid 5077] <... mmap resumed>) = 0x7f81bb17d000 [pid 5078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5077] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5078] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5077] <... mprotect resumed>) = 0 [ 53.238206][ T5075] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 53.250508][ T5075] EXT4-fs (loop0): group descriptors corrupted! [pid 5077] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5077] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} [pid 5078] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5077] <... clone3 resumed> => {parent_tid=[5079]}, 88) = 5079 [pid 5077] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5077] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5078] <... write resumed>) = 262144 ./strace-static-x86_64: Process 5079 attached [pid 5079] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5078] munmap(0x7f81b2d7d000, 262144 [pid 5079] <... rseq resumed>) = 0 [pid 5078] <... munmap resumed>) = 0 [pid 5079] set_robust_list(0x7f81bb19d9a0, 24 [pid 5078] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5079] <... set_robust_list resumed>) = 0 [pid 5079] rt_sigprocmask(SIG_SETMASK, [], [pid 5078] <... openat resumed>) = 4 [pid 5079] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5079] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5078] ioctl(4, LOOP_SET_FD, 3 [pid 5079] <... open resumed>) = 5 [pid 5079] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5077] <... futex resumed>) = 0 [pid 5079] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5077] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5079] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5077] <... futex resumed>) = 0 [pid 5077] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5077] <... futex resumed>) = 0 [pid 5079] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5077] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5077] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... open resumed>) = 6 [pid 5079] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... futex resumed>) = 0 [pid 5077] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... futex resumed>) = 1 [pid 5077] <... futex resumed>) = 0 [pid 5079] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5077] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5078] <... ioctl resumed>) = 0 [pid 5078] close(3) = 0 [pid 5078] mkdir("./file1", 0777) = 0 [pid 5078] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5079] <... write resumed>) = 262144 [pid 5079] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5079] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5077] <... futex resumed>) = 0 [pid 5078] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5078] ioctl(4, LOOP_CLR_FD) = 0 [pid 5078] close(4) = 0 [pid 5078] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5077] exit_group(0 [pid 5079] <... futex resumed>) = ? [pid 5079] +++ exited with 0 +++ [pid 5077] <... exit_group resumed>) = ? [pid 5078] <... futex resumed>) = ? [pid 5078] +++ exited with 0 +++ [pid 5077] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5077, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/bus") = 0 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 umount2("./12/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5080 ./strace-static-x86_64: Process 5080 attached [pid 5080] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5080] chdir("./13") = 0 [pid 5080] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5080] setpgid(0, 0) = 0 [pid 5080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5080] write(3, "1000", 4) = 4 [pid 5080] close(3) = 0 [ 53.306604][ T5078] loop0: detected capacity change from 0 to 512 [ 53.320869][ T5078] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5080] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5080] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5080] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5080] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5080] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5080] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5080] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5081 attached => {parent_tid=[5081]}, 88) = 5081 [pid 5081] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5080] rt_sigprocmask(SIG_SETMASK, [], [pid 5081] <... rseq resumed>) = 0 [pid 5081] set_robust_list(0x7f81bb1be9a0, 24 [pid 5080] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5081] <... set_robust_list resumed>) = 0 [pid 5080] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] rt_sigprocmask(SIG_SETMASK, [], [pid 5080] <... futex resumed>) = 0 [pid 5081] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5080] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] memfd_create("syzkaller", 0 [pid 5080] <... futex resumed>) = 0 [pid 5081] <... memfd_create resumed>) = 3 [pid 5081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d9e000 [pid 5080] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81b2d7d000 [pid 5080] mprotect(0x7f81b2d7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5081] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5080] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5080] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81b2d9d990, parent_tid=0x7f81b2d9d990, exit_signal=0, stack=0x7f81b2d7d000, stack_size=0x20300, tls=0x7f81b2d9d6c0}./strace-static-x86_64: Process 5082 attached [pid 5082] rseq(0x7f81b2d9dfe0, 0x20, 0, 0x53053053 [pid 5080] <... clone3 resumed> => {parent_tid=[5082]}, 88) = 5082 [pid 5082] <... rseq resumed>) = 0 [pid 5082] set_robust_list(0x7f81b2d9d9a0, 24) = 0 [pid 5080] rt_sigprocmask(SIG_SETMASK, [], [pid 5082] rt_sigprocmask(SIG_SETMASK, [], [pid 5080] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5082] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5082] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5080] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... open resumed>) = 4 [pid 5080] <... futex resumed>) = 0 [pid 5082] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5082] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] <... write resumed>) = 262144 [pid 5080] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] munmap(0x7f81b2d9e000, 262144 [pid 5080] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5080] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = 0 [pid 5080] <... futex resumed>) = 1 [pid 5082] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5080] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... mount resumed>) = 0 [pid 5081] <... munmap resumed>) = 0 [pid 5082] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5082] <... futex resumed>) = 1 [pid 5080] <... futex resumed>) = 0 [pid 5082] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5080] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... open resumed>) = 5 [pid 5081] <... openat resumed>) = 6 [pid 5080] <... futex resumed>) = 0 [pid 5082] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... futex resumed>) = 0 [pid 5080] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5082] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5080] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5080] <... futex resumed>) = 0 [pid 5082] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5080] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5082] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] ioctl(6, LOOP_SET_FD, 3 [pid 5082] <... futex resumed>) = 1 [pid 5081] <... ioctl resumed>) = 0 [pid 5080] <... futex resumed>) = 0 [pid 5082] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] close(3) = 0 [pid 5081] mkdir("./file1", 0777) = 0 [ 53.385910][ T5081] loop0: detected capacity change from 0 to 512 [ 53.408134][ T5081] EXT4-fs (loop0): 1 orphan inode deleted [ 53.414068][ T5081] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5081] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5081] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5081] chdir("./file1") = 0 [pid 5081] ioctl(6, LOOP_CLR_FD) = 0 [pid 5081] close(6) = 0 [pid 5081] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5080] exit_group(0 [pid 5081] <... futex resumed>) = ? [pid 5080] <... exit_group resumed>) = ? [pid 5082] <... futex resumed>) = ? [pid 5081] +++ exited with 0 +++ [pid 5082] +++ exited with 0 +++ [pid 5080] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5080, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/bus") = 0 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 [ 53.427010][ T5081] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/13/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./13/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5085 attached , child_tidptr=0x555556eda690) = 5085 [pid 5085] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5085] chdir("./14") = 0 [pid 5085] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5085] setpgid(0, 0) = 0 [pid 5085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5085] write(3, "1000", 4) = 4 [pid 5085] close(3) = 0 [pid 5085] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5085] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5085] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5085] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5085] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5085] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5085] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0} => {parent_tid=[5086]}, 88) = 5086 [pid 5085] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5085] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5085] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5085] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5085] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5087 attached => {parent_tid=[5087]}, 88) = 5087 [pid 5085] rt_sigprocmask(SIG_SETMASK, [], [pid 5087] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5085] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5087] <... rseq resumed>) = 0 [pid 5087] set_robust_list(0x7f81bb19d9a0, 24 [pid 5085] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... set_robust_list resumed>) = 0 [pid 5085] <... futex resumed>) = 0 [pid 5087] rt_sigprocmask(SIG_SETMASK, [], [pid 5085] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5087] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000./strace-static-x86_64: Process 5086 attached ) = 3 [pid 5087] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5087] <... futex resumed>) = 1 [pid 5086] <... rseq resumed>) = 0 [pid 5086] set_robust_list(0x7f81bb1be9a0, 24 [pid 5085] <... futex resumed>) = 0 [pid 5087] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] <... set_robust_list resumed>) = 0 [pid 5085] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] rt_sigprocmask(SIG_SETMASK, [], [pid 5087] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5086] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5085] <... futex resumed>) = 0 [pid 5087] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5086] memfd_create("syzkaller", 0 [pid 5085] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... memfd_create resumed>) = 4 [pid 5087] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5087] <... futex resumed>) = 1 [pid 5086] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5085] <... futex resumed>) = 0 [pid 5085] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5085] <... futex resumed>) = 0 [pid 5087] <... open resumed>) = 5 [pid 5085] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5085] <... futex resumed>) = 0 [pid 5085] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5085] <... futex resumed>) = 0 [pid 5087] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5085] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5087] <... futex resumed>) = 0 [pid 5086] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5087] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] <... write resumed>) = 262144 [pid 5086] munmap(0x7f81b2d7d000, 262144) = 0 [ 53.459827][ T5024] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5086] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5086] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 5086] close(4) = 0 [pid 5086] mkdir("./file1", 0777) = 0 [pid 5086] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5086] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5086] chdir("./file1") = 0 [pid 5086] ioctl(6, LOOP_CLR_FD) = 0 [pid 5086] close(6) = 0 [pid 5086] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] exit_group(0 [pid 5087] <... futex resumed>) = ? [pid 5087] +++ exited with 0 +++ [pid 5086] <... futex resumed>) = ? [pid 5085] <... exit_group resumed>) = ? [pid 5086] +++ exited with 0 +++ [pid 5085] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5085, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/bus") = 0 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 [ 53.510610][ T5086] loop0: detected capacity change from 0 to 512 [ 53.528178][ T5086] EXT4-fs (loop0): 1 orphan inode deleted [ 53.533948][ T5086] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 53.546608][ T5086] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/14/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./14/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5090 attached , child_tidptr=0x555556eda690) = 5090 [pid 5090] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5090] chdir("./15") = 0 [pid 5090] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5090] setpgid(0, 0) = 0 [pid 5090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5090] write(3, "1000", 4) = 4 [pid 5090] close(3) = 0 [pid 5090] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5090] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5090] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5090] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5090] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5090] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5091 attached => {parent_tid=[5091]}, 88) = 5091 [pid 5090] rt_sigprocmask(SIG_SETMASK, [], [pid 5091] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5090] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5091] <... rseq resumed>) = 0 [pid 5091] set_robust_list(0x7f81bb1be9a0, 24 [pid 5090] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5091] <... set_robust_list resumed>) = 0 [pid 5090] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] rt_sigprocmask(SIG_SETMASK, [], [pid 5090] <... futex resumed>) = 0 [pid 5090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5091] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5090] <... mmap resumed>) = 0x7f81bb17d000 [pid 5091] memfd_create("syzkaller", 0 [pid 5090] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5091] <... memfd_create resumed>) = 3 [pid 5091] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5090] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5091] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5090] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5090] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5092]}, 88) = 5092 ./strace-static-x86_64: Process 5092 attached [pid 5091] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5092] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5092] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5090] rt_sigprocmask(SIG_SETMASK, [], [pid 5092] rt_sigprocmask(SIG_SETMASK, [], [pid 5090] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5092] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5092] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5092] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5090] <... futex resumed>) = 0 [pid 5091] <... write resumed>) = 262144 [pid 5090] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] <... open resumed>) = 4 [pid 5091] munmap(0x7f81b2d7d000, 262144 [pid 5092] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = 0 [pid 5091] <... munmap resumed>) = 0 [pid 5090] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5090] <... futex resumed>) = 0 [pid 5091] <... openat resumed>) = 5 [pid 5090] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] ioctl(5, LOOP_SET_FD, 3 [pid 5092] <... futex resumed>) = 1 [ 53.576269][ T5024] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5092] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5092] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5092] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] <... futex resumed>) = 0 [pid 5090] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] <... futex resumed>) = 0 [pid 5092] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5092] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = 0 [pid 5092] <... futex resumed>) = 1 [pid 5092] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] <... ioctl resumed>) = 0 [pid 5092] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5090] <... futex resumed>) = 0 [pid 5092] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5090] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] close(3) = 0 [pid 5091] mkdir("./file1", 0777) = 0 [pid 5091] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5092] <... write resumed>) = 262144 [pid 5092] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] <... futex resumed>) = 0 [pid 5092] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5091] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5091] ioctl(5, LOOP_CLR_FD) = 0 [pid 5091] close(5) = 0 [pid 5091] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5091] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] exit_group(0 [pid 5092] <... futex resumed>) = ? [pid 5091] <... futex resumed>) = ? [pid 5090] <... exit_group resumed>) = ? [pid 5092] +++ exited with 0 +++ [pid 5091] +++ exited with 0 +++ [pid 5090] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5090, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/bus") = 0 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 umount2("./15/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 53.630901][ T5091] loop0: detected capacity change from 0 to 512 [ 53.646163][ T5091] EXT4-fs (loop0): VFS: Can't find ext4 filesystem clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5093 ./strace-static-x86_64: Process 5093 attached [pid 5093] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5093] chdir("./16") = 0 [pid 5093] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5093] setpgid(0, 0) = 0 [pid 5093] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5093] write(3, "1000", 4) = 4 [pid 5093] close(3) = 0 [pid 5093] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5093] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5093] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5093] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5093] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5093] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5093] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0} => {parent_tid=[5094]}, 88) = 5094 [pid 5093] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5093] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5093] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5093] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5093] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5095]}, 88) = 5095 [pid 5093] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5093] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5094 attached ./strace-static-x86_64: Process 5095 attached [pid 5094] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5095] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5094] <... rseq resumed>) = 0 [pid 5095] <... rseq resumed>) = 0 [pid 5095] set_robust_list(0x7f81bb19d9a0, 24 [pid 5094] set_robust_list(0x7f81bb1be9a0, 24 [pid 5095] <... set_robust_list resumed>) = 0 [pid 5094] <... set_robust_list resumed>) = 0 [pid 5095] rt_sigprocmask(SIG_SETMASK, [], [pid 5094] rt_sigprocmask(SIG_SETMASK, [], [pid 5095] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5094] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5095] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5094] memfd_create("syzkaller", 0) = 4 [pid 5094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5095] <... open resumed>) = 3 [pid 5095] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5093] <... futex resumed>) = 0 [pid 5093] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5095] <... futex resumed>) = 1 [pid 5095] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5094] <... write resumed>) = 262144 [pid 5095] <... mount resumed>) = 0 [pid 5094] munmap(0x7f81b2d7d000, 262144 [pid 5095] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] <... munmap resumed>) = 0 [pid 5093] <... futex resumed>) = 0 [pid 5094] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5093] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5095] <... futex resumed>) = 1 [pid 5094] <... openat resumed>) = 5 [pid 5095] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5094] ioctl(5, LOOP_SET_FD, 4 [pid 5095] <... open resumed>) = 6 [pid 5095] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] <... futex resumed>) = 0 [pid 5093] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5095] <... futex resumed>) = 1 [pid 5095] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5094] <... ioctl resumed>) = 0 [pid 5094] close(4) = 0 [pid 5094] mkdir("./file1", 0777) = 0 [pid 5094] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5095] <... write resumed>) = 262144 [pid 5095] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] <... futex resumed>) = 0 [pid 5095] <... futex resumed>) = 1 [pid 5095] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5094] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5094] ioctl(5, LOOP_CLR_FD) = 0 [pid 5094] close(5) = 0 [pid 5094] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5093] exit_group(0 [pid 5094] <... futex resumed>) = ? [pid 5095] <... futex resumed>) = ? [pid 5093] <... exit_group resumed>) = ? [pid 5095] +++ exited with 0 +++ [pid 5094] +++ exited with 0 +++ [pid 5093] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5093, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/bus") = 0 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 umount2("./16/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5096 ./strace-static-x86_64: Process 5096 attached [pid 5096] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5096] chdir("./17") = 0 [pid 5096] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5096] setpgid(0, 0) = 0 [pid 5096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5096] write(3, "1000", 4) = 4 [pid 5096] close(3) = 0 [pid 5096] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5096] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5096] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5096] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5096] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5096] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5096] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5097 attached [pid 5097] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5096] <... clone3 resumed> => {parent_tid=[5097]}, 88) = 5097 [pid 5097] <... rseq resumed>) = 0 [pid 5096] rt_sigprocmask(SIG_SETMASK, [], [pid 5097] set_robust_list(0x7f81bb1be9a0, 24 [pid 5096] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5097] <... set_robust_list resumed>) = 0 [pid 5096] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] rt_sigprocmask(SIG_SETMASK, [], [pid 5096] <... futex resumed>) = 0 [pid 5097] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5096] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] memfd_create("syzkaller", 0 [pid 5096] <... futex resumed>) = 0 [pid 5097] <... memfd_create resumed>) = 3 [pid 5096] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5097] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5096] <... mmap resumed>) = 0x7f81bb17d000 [pid 5097] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5096] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5096] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5096] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5098 attached [pid 5097] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5098] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5096] <... clone3 resumed> => {parent_tid=[5098]}, 88) = 5098 [pid 5096] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 53.712955][ T5094] loop0: detected capacity change from 0 to 512 [ 53.725945][ T5094] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5096] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5098] <... rseq resumed>) = 0 [pid 5097] <... write resumed>) = 262144 [pid 5098] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5097] munmap(0x7f81b2d7d000, 262144 [pid 5098] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5097] <... munmap resumed>) = 0 [pid 5098] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5097] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5098] <... open resumed>) = 4 [pid 5097] ioctl(5, LOOP_SET_FD, 3 [pid 5098] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5098] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5097] <... ioctl resumed>) = 0 [pid 5096] <... futex resumed>) = 0 [pid 5097] close(3 [pid 5096] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] <... futex resumed>) = 0 [pid 5097] <... close resumed>) = 0 [pid 5096] <... futex resumed>) = 1 [pid 5098] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5097] mkdir("./file1", 0777 [pid 5096] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5098] <... mount resumed>) = 0 [pid 5097] <... mkdir resumed>) = 0 [pid 5097] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5098] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5096] <... futex resumed>) = 0 [pid 5098] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5096] <... futex resumed>) = 0 [pid 5096] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5098] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 3 [pid 5098] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5096] <... futex resumed>) = 0 [pid 5098] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5096] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 53.777593][ T5097] loop0: detected capacity change from 0 to 512 [ 53.797608][ T5097] EXT4-fs (loop0): 1 orphan inode deleted [ 53.803349][ T5097] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5098] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 5098] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5096] <... futex resumed>) = 0 [pid 5098] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5097] <... mount resumed>) = 0 [pid 5097] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 6 [pid 5097] chdir("./file1") = 0 [pid 5097] ioctl(5, LOOP_CLR_FD) = 0 [pid 5097] close(5) = 0 [pid 5097] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] exit_group(0 [pid 5098] <... futex resumed>) = ? [pid 5097] <... futex resumed>) = ? [pid 5096] <... exit_group resumed>) = ? [pid 5098] +++ exited with 0 +++ [pid 5097] +++ exited with 0 +++ [pid 5096] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5096, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/bus") = 0 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 [ 53.817351][ T5097] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/17/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./17/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5101 ./strace-static-x86_64: Process 5101 attached [pid 5101] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5101] chdir("./18") = 0 [pid 5101] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5101] setpgid(0, 0) = 0 [pid 5101] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5101] write(3, "1000", 4) = 4 [pid 5101] close(3) = 0 [pid 5101] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5101] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [ 53.850102][ T5024] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.860516][ T5024] EXT4-fs error (device loop0): __ext4_get_inode_loc:4379: comm syz-executor212: Invalid inode table block 0 in block_group 0 [ 53.873908][ T5024] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5752: Corrupt filesystem [ 53.884113][ T5024] EXT4-fs error (device loop0): ext4_quota_off:7131: inode #3: comm syz-executor212: mark_inode_dirty error [pid 5101] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5101] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5101] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5101] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5101] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5102 attached => {parent_tid=[5102]}, 88) = 5102 [pid 5101] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5101] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5102] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5102] set_robust_list(0x7f81bb1be9a0, 24 [pid 5101] <... mmap resumed>) = 0x7f81bb17d000 [pid 5101] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5102] <... set_robust_list resumed>) = 0 [pid 5101] <... mprotect resumed>) = 0 [pid 5102] rt_sigprocmask(SIG_SETMASK, [], [pid 5101] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5101] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} [pid 5102] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5102] memfd_create("syzkaller", 0./strace-static-x86_64: Process 5103 attached [pid 5101] <... clone3 resumed> => {parent_tid=[5103]}, 88) = 5103 [pid 5101] rt_sigprocmask(SIG_SETMASK, [], [pid 5103] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5102] <... memfd_create resumed>) = 3 [pid 5101] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5101] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5103] <... rseq resumed>) = 0 [pid 5102] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5101] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5103] set_robust_list(0x7f81bb19d9a0, 24 [pid 5102] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5103] <... set_robust_list resumed>) = 0 [pid 5103] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5103] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5102] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5103] <... open resumed>) = 4 [pid 5103] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5103] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] <... futex resumed>) = 0 [pid 5101] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5103] <... futex resumed>) = 0 [pid 5103] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5101] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5103] <... mount resumed>) = 0 [pid 5103] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] <... futex resumed>) = 0 [pid 5101] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5103] <... futex resumed>) = 1 [pid 5102] <... write resumed>) = 262144 [pid 5103] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5102] munmap(0x7f81b2d7d000, 262144 [pid 5101] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5103] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] <... futex resumed>) = 0 [pid 5103] <... futex resumed>) = 1 [pid 5103] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5102] <... munmap resumed>) = 0 [pid 5101] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5102] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5101] <... futex resumed>) = 0 [pid 5103] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5101] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5103] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5102] <... openat resumed>) = 6 [pid 5103] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5102] ioctl(6, LOOP_SET_FD, 3 [pid 5101] <... futex resumed>) = 0 [pid 5103] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5102] <... ioctl resumed>) = 0 [pid 5102] close(3) = 0 [pid 5102] mkdir("./file1", 0777) = 0 [ 53.946299][ T5102] loop0: detected capacity change from 0 to 512 [ 53.968324][ T5102] EXT4-fs (loop0): 1 orphan inode deleted [ 53.974144][ T5102] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5102] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5102] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5102] chdir("./file1") = 0 [pid 5102] ioctl(6, LOOP_CLR_FD) = 0 [pid 5102] close(6) = 0 [pid 5102] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] exit_group(0) = ? [pid 5103] <... futex resumed>) = ? [pid 5102] <... futex resumed>) = ? [pid 5102] +++ exited with 0 +++ [pid 5103] +++ exited with 0 +++ [pid 5101] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5101, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/bus") = 0 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 umount2("./18/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5106 ./strace-static-x86_64: Process 5106 attached [pid 5106] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5106] chdir("./19") = 0 [pid 5106] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5106] setpgid(0, 0) = 0 [pid 5106] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5106] write(3, "1000", 4) = 4 [pid 5106] close(3) = 0 [pid 5106] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5106] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5106] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5106] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5106] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5106] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5106] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5106] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5107 attached => {parent_tid=[5107]}, 88) = 5107 [pid 5106] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5106] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5106] <... futex resumed>) = 0 [pid 5107] <... rseq resumed>) = 0 [pid 5106] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5107] rt_sigprocmask(SIG_SETMASK, [], [ 53.987070][ T5102] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/18/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 54.016144][ T5024] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5106] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5107] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5106] <... mmap resumed>) = 0x7f81bb17d000 [pid 5107] memfd_create("syzkaller", 0) = 3 [pid 5107] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5106] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5106] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5106] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5108 attached [pid 5107] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5108] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5108] set_robust_list(0x7f81bb19d9a0, 24 [pid 5106] <... clone3 resumed> => {parent_tid=[5108]}, 88) = 5108 [pid 5108] <... set_robust_list resumed>) = 0 [pid 5108] rt_sigprocmask(SIG_SETMASK, [], [pid 5107] <... write resumed>) = 262144 [pid 5106] rt_sigprocmask(SIG_SETMASK, [], [pid 5108] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5106] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5108] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5106] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5108] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5107] munmap(0x7f81b2d7d000, 262144 [pid 5108] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5106] <... futex resumed>) = 0 [pid 5106] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5107] <... munmap resumed>) = 0 [pid 5107] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5107] ioctl(5, LOOP_SET_FD, 3 [pid 5108] <... open resumed>) = 4 [pid 5108] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] <... futex resumed>) = 0 [pid 5106] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5106] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] <... futex resumed>) = 1 [pid 5108] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5108] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] <... futex resumed>) = 0 [pid 5106] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5108] <... futex resumed>) = 1 [pid 5106] <... futex resumed>) = 0 [pid 5108] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5106] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] <... open resumed>) = 6 [pid 5108] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] <... futex resumed>) = 0 [pid 5106] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5108] <... futex resumed>) = 1 [pid 5108] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5106] <... futex resumed>) = 0 [pid 5107] <... ioctl resumed>) = 0 [pid 5106] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5107] close(3) = 0 [pid 5107] mkdir("./file1", 0777) = 0 [pid 5107] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5108] <... write resumed>) = 262144 [pid 5108] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5106] <... futex resumed>) = 0 [pid 5108] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5107] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5107] ioctl(5, LOOP_CLR_FD) = 0 [pid 5107] close(5) = 0 [pid 5107] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5106] exit_group(0 [pid 5107] <... futex resumed>) = ? [pid 5108] <... futex resumed>) = ? [pid 5106] <... exit_group resumed>) = ? [pid 5108] +++ exited with 0 +++ [pid 5107] +++ exited with 0 +++ [pid 5106] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5106, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/bus") = 0 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 umount2("./19/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 54.091779][ T5107] loop0: detected capacity change from 0 to 512 [ 54.106818][ T5107] EXT4-fs (loop0): VFS: Can't find ext4 filesystem close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5109 attached , child_tidptr=0x555556eda690) = 5109 [pid 5109] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5109] chdir("./20") = 0 [pid 5109] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5109] setpgid(0, 0) = 0 [pid 5109] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5109] write(3, "1000", 4) = 4 [pid 5109] close(3) = 0 [pid 5109] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5109] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5109] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5109] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5109] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5109] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5109] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5110 attached [pid 5110] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5109] <... clone3 resumed> => {parent_tid=[5110]}, 88) = 5110 [pid 5110] <... rseq resumed>) = 0 [pid 5109] rt_sigprocmask(SIG_SETMASK, [], [pid 5110] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5109] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5110] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5109] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] memfd_create("syzkaller", 0 [pid 5109] <... futex resumed>) = 0 [pid 5109] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] <... memfd_create resumed>) = 3 [pid 5109] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5110] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5109] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5110] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5109] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5110] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5109] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5109] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5111 attached => {parent_tid=[5111]}, 88) = 5111 [pid 5109] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5111] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5109] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... rseq resumed>) = 0 [pid 5111] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5111] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5111] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5110] <... write resumed>) = 262144 [pid 5111] <... open resumed>) = 4 [pid 5110] munmap(0x7f81b2d7d000, 262144 [pid 5111] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] <... munmap resumed>) = 0 [pid 5111] <... futex resumed>) = 1 [pid 5109] <... futex resumed>) = 0 [pid 5111] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5109] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... mount resumed>) = 0 [pid 5109] <... futex resumed>) = 0 [pid 5109] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5110] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5111] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5109] <... futex resumed>) = 0 [pid 5111] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5110] ioctl(5, LOOP_SET_FD, 3 [pid 5109] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... futex resumed>) = 0 [pid 5110] <... ioctl resumed>) = 0 [pid 5109] <... futex resumed>) = 1 [pid 5111] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5109] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... open resumed>) = 6 [pid 5111] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5109] <... futex resumed>) = 0 [pid 5111] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5109] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5110] close(3) = 0 [pid 5110] mkdir("./file1", 0777) = 0 [pid 5110] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5111] <... write resumed>) = 262144 [pid 5111] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5109] <... futex resumed>) = 0 [pid 5111] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5110] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5110] ioctl(5, LOOP_CLR_FD) = 0 [pid 5110] close(5) = 0 [pid 5110] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5109] exit_group(0 [pid 5111] <... futex resumed>) = ? [pid 5111] +++ exited with 0 +++ [pid 5110] <... futex resumed>) = ? [pid 5109] <... exit_group resumed>) = ? [pid 5110] +++ exited with 0 +++ [pid 5109] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5109, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/bus") = 0 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 umount2("./20/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5112 attached , child_tidptr=0x555556eda690) = 5112 [pid 5112] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5112] chdir("./21") = 0 [pid 5112] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5112] setpgid(0, 0) = 0 [ 54.195401][ T5110] loop0: detected capacity change from 0 to 512 [ 54.211460][ T5110] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5112] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5112] write(3, "1000", 4) = 4 [pid 5112] close(3) = 0 [pid 5112] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5112] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5112] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5112] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5112] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5112] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5112] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5112] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5113 attached => {parent_tid=[5113]}, 88) = 5113 [pid 5112] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5113] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5112] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5113] <... rseq resumed>) = 0 [pid 5112] <... futex resumed>) = 0 [pid 5113] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5112] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5113] rt_sigprocmask(SIG_SETMASK, [], [pid 5112] <... futex resumed>) = 0 [pid 5113] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5113] memfd_create("syzkaller", 0 [pid 5112] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5113] <... memfd_create resumed>) = 3 [pid 5112] <... mmap resumed>) = 0x7f81bb17d000 [pid 5113] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5112] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5113] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5112] <... mprotect resumed>) = 0 [pid 5112] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5112] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5114 attached [pid 5113] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5114] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5112] <... clone3 resumed> => {parent_tid=[5114]}, 88) = 5114 [pid 5112] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5112] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5112] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] set_robust_list(0x7f81bb19d9a0, 24 [pid 5113] <... write resumed>) = 262144 [pid 5114] <... set_robust_list resumed>) = 0 [pid 5113] munmap(0x7f81b2d7d000, 262144 [pid 5114] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5113] <... munmap resumed>) = 0 [pid 5114] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5113] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5114] <... open resumed>) = 4 [pid 5113] ioctl(5, LOOP_SET_FD, 3 [pid 5114] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5114] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5112] <... futex resumed>) = 0 [pid 5112] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] <... futex resumed>) = 0 [pid 5112] <... futex resumed>) = 1 [pid 5114] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5112] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] <... mount resumed>) = 0 [pid 5113] <... ioctl resumed>) = 0 [pid 5114] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5113] close(3 [pid 5112] <... futex resumed>) = 0 [pid 5114] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5112] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5114] <... futex resumed>) = 0 [pid 5112] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5113] <... close resumed>) = 0 [pid 5113] mkdir("./file1", 0777 [pid 5114] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5112] <... futex resumed>) = 0 [pid 5114] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5112] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5112] <... futex resumed>) = 0 [pid 5114] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5112] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5113] <... mkdir resumed>) = 0 [pid 5113] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5114] <... write resumed>) = 262144 [pid 5114] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5112] <... futex resumed>) = 0 [pid 5114] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5113] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5113] ioctl(5, LOOP_CLR_FD) = 0 [pid 5113] close(5) = 0 [pid 5113] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5112] exit_group(0 [pid 5114] <... futex resumed>) = ? [pid 5112] <... exit_group resumed>) = ? [pid 5114] +++ exited with 0 +++ [pid 5113] <... futex resumed>) = ? [pid 5113] +++ exited with 0 +++ [pid 5112] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5112, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/bus") = 0 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 umount2("./21/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5115 attached , child_tidptr=0x555556eda690) = 5115 [pid 5115] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5115] chdir("./22") = 0 [pid 5115] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5115] setpgid(0, 0) = 0 [pid 5115] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5115] write(3, "1000", 4) = 4 [pid 5115] close(3) = 0 [pid 5115] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5115] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5115] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5115] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5115] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5115] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5115] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5115] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5116 attached => {parent_tid=[5116]}, 88) = 5116 [pid 5116] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5115] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5116] set_robust_list(0x7f81bb1be9a0, 24 [pid 5115] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... set_robust_list resumed>) = 0 [pid 5116] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5116] memfd_create("syzkaller", 0 [pid 5115] <... futex resumed>) = 0 [pid 5115] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5115] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5116] <... memfd_create resumed>) = 3 [pid 5116] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5115] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5116] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5115] <... mprotect resumed>) = 0 [pid 5116] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5115] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5115] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5117 attached [pid 5117] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5115] <... clone3 resumed> => {parent_tid=[5117]}, 88) = 5117 [pid 5117] <... rseq resumed>) = 0 [pid 5115] rt_sigprocmask(SIG_SETMASK, [], [pid 5117] set_robust_list(0x7f81bb19d9a0, 24 [pid 5115] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5117] <... set_robust_list resumed>) = 0 [pid 5115] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] rt_sigprocmask(SIG_SETMASK, [], [pid 5115] <... futex resumed>) = 0 [pid 5117] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 54.271507][ T5113] loop0: detected capacity change from 0 to 512 [ 54.292830][ T5113] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5117] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5115] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] <... open resumed>) = 4 [pid 5116] <... write resumed>) = 262144 [pid 5117] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5115] <... futex resumed>) = 0 [pid 5117] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5115] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5115] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] munmap(0x7f81b2d7d000, 262144 [pid 5117] <... mount resumed>) = 0 [pid 5117] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5115] <... futex resumed>) = 0 [pid 5117] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5115] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5117] <... open resumed>) = 5 [pid 5115] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5115] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5117] <... futex resumed>) = 0 [pid 5115] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5115] <... futex resumed>) = 0 [pid 5117] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5115] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5115] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5117] <... futex resumed>) = 0 [pid 5117] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5116] <... munmap resumed>) = 0 [pid 5116] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5116] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5116] close(3) = 0 [pid 5116] mkdir("./file1", 0777) = 0 [ 54.359113][ T5116] loop0: detected capacity change from 0 to 512 [ 54.378428][ T5116] EXT4-fs (loop0): 1 orphan inode deleted [ 54.384370][ T5116] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5116] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5116] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5116] chdir("./file1") = 0 [pid 5116] ioctl(6, LOOP_CLR_FD) = 0 [pid 5116] close(6) = 0 [pid 5116] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5115] exit_group(0 [pid 5116] <... futex resumed>) = ? [pid 5117] <... futex resumed>) = ? [pid 5115] <... exit_group resumed>) = ? [pid 5116] +++ exited with 0 +++ [pid 5117] +++ exited with 0 +++ [pid 5115] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5115, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/bus") = 0 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 umount2("./22/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5120 ./strace-static-x86_64: Process 5120 attached [pid 5120] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5120] chdir("./23") = 0 [pid 5120] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5120] setpgid(0, 0) = 0 [pid 5120] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5120] write(3, "1000", 4) = 4 [pid 5120] close(3) = 0 [pid 5120] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5120] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5120] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5120] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5120] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5120] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5120] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5121 attached [pid 5121] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5121] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5121] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 54.397394][ T5116] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/22/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 54.422994][ T5024] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5121] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5120] <... clone3 resumed> => {parent_tid=[5121]}, 88) = 5121 [pid 5120] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5120] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] <... futex resumed>) = 0 [pid 5120] <... futex resumed>) = 1 [pid 5121] memfd_create("syzkaller", 0) = 3 [pid 5121] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d9e000 [pid 5120] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5120] <... futex resumed>) = 0 [pid 5120] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81b2d7d000 [pid 5120] mprotect(0x7f81b2d7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5120] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5120] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81b2d9d990, parent_tid=0x7f81b2d9d990, exit_signal=0, stack=0x7f81b2d7d000, stack_size=0x20300, tls=0x7f81b2d9d6c0} => {parent_tid=[5122]}, 88) = 5122 ./strace-static-x86_64: Process 5122 attached [pid 5121] <... write resumed>) = 262144 [pid 5120] rt_sigprocmask(SIG_SETMASK, [], [pid 5122] rseq(0x7f81b2d9dfe0, 0x20, 0, 0x53053053 [pid 5121] munmap(0x7f81b2d9e000, 262144 [pid 5120] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5120] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] <... rseq resumed>) = 0 [pid 5122] set_robust_list(0x7f81b2d9d9a0, 24 [pid 5120] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5122] <... set_robust_list resumed>) = 0 [pid 5122] rt_sigprocmask(SIG_SETMASK, [], [pid 5121] <... munmap resumed>) = 0 [pid 5122] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5121] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5122] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5122] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] <... openat resumed>) = 4 [pid 5122] <... futex resumed>) = 1 [pid 5121] ioctl(4, LOOP_SET_FD, 3 [pid 5120] <... futex resumed>) = 0 [pid 5120] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5120] <... futex resumed>) = 0 [pid 5121] <... ioctl resumed>) = 0 [pid 5122] <... mount resumed>) = 0 [pid 5121] close(3 [pid 5120] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5122] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] <... close resumed>) = 0 [pid 5120] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5122] <... futex resumed>) = 0 [pid 5121] mkdir("./file1", 0777 [pid 5120] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] <... mkdir resumed>) = 0 [pid 5122] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5121] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5122] <... open resumed>) = 3 [pid 5122] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5120] <... futex resumed>) = 0 [pid 5122] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5120] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] <... futex resumed>) = 0 [pid 5120] <... futex resumed>) = 1 [pid 5122] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5120] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5122] <... write resumed>) = 262144 [pid 5122] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5120] <... futex resumed>) = 0 [pid 5121] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5121] ioctl(4, LOOP_CLR_FD) = 0 [pid 5121] close(4) = 0 [pid 5121] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5120] exit_group(0 [pid 5122] <... futex resumed>) = ? [pid 5121] <... futex resumed>) = ? [pid 5120] <... exit_group resumed>) = ? [pid 5122] +++ exited with 0 +++ [pid 5121] +++ exited with 0 +++ [pid 5120] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5120, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/bus") = 0 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 umount2("./23/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5123 attached [pid 5123] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5123] chdir("./24") = 0 [pid 5123] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5123] setpgid(0, 0) = 0 [pid 5123] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5024] <... clone resumed>, child_tidptr=0x555556eda690) = 5123 [pid 5123] write(3, "1000", 4) = 4 [pid 5123] close(3) = 0 [pid 5123] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5123] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5123] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5123] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5123] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5123] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5123] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 54.479400][ T5121] loop0: detected capacity change from 0 to 512 [ 54.494677][ T5121] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5123] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5124 attached => {parent_tid=[5124]}, 88) = 5124 [pid 5124] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5124] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5124] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5124] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5123] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5123] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... futex resumed>) = 0 [pid 5123] <... futex resumed>) = 1 [pid 5123] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5124] memfd_create("syzkaller", 0 [pid 5123] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5124] <... memfd_create resumed>) = 3 [pid 5123] <... mmap resumed>) = 0x7f81bb17d000 [pid 5124] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5123] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5123] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5123] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5125 attached [pid 5125] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5125] set_robust_list(0x7f81bb19d9a0, 24 [pid 5123] <... clone3 resumed> => {parent_tid=[5125]}, 88) = 5125 [pid 5125] <... set_robust_list resumed>) = 0 [pid 5123] rt_sigprocmask(SIG_SETMASK, [], [pid 5125] rt_sigprocmask(SIG_SETMASK, [], [pid 5123] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5125] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5125] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5123] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5123] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5125] <... open resumed>) = 4 [pid 5125] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5123] <... futex resumed>) = 0 [pid 5123] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5123] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5125] <... mount resumed>) = 0 [pid 5125] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5123] <... futex resumed>) = 0 [pid 5125] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5123] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5123] <... futex resumed>) = 0 [pid 5123] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5125] <... open resumed>) = 5 [pid 5125] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5123] <... futex resumed>) = 0 [pid 5123] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] <... futex resumed>) = 0 [pid 5123] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5125] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5125] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5123] <... futex resumed>) = 0 [pid 5125] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5124] <... write resumed>) = 262144 [pid 5124] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5124] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5124] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5124] close(3) = 0 [pid 5124] mkdir("./file1", 0777) = 0 [ 54.568750][ T5124] loop0: detected capacity change from 0 to 512 [ 54.587948][ T5124] EXT4-fs (loop0): 1 orphan inode deleted [ 54.593896][ T5124] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5124] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5124] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5124] chdir("./file1") = 0 [pid 5124] ioctl(6, LOOP_CLR_FD) = 0 [pid 5124] close(6) = 0 [pid 5124] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] exit_group(0 [pid 5125] <... futex resumed>) = ? [pid 5123] <... exit_group resumed>) = ? [pid 5125] +++ exited with 0 +++ [pid 5124] <... futex resumed>) = ? [pid 5124] +++ exited with 0 +++ [pid 5123] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5123, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/bus") = 0 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 umount2("./24/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5128 attached , child_tidptr=0x555556eda690) = 5128 [pid 5128] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5128] chdir("./25") = 0 [pid 5128] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5128] setpgid(0, 0) = 0 [pid 5128] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5128] write(3, "1000", 4) = 4 [pid 5128] close(3) = 0 [pid 5128] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5128] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5128] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5128] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5128] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5128] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5128] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5128] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0} => {parent_tid=[5129]}, 88) = 5129 [pid 5128] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5128] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5128] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5128] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5128] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5128] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5128] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5130 attached => {parent_tid=[5130]}, 88) = 5130 [pid 5130] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5128] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5129 attached NULL, 8) = 0 [pid 5128] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5128] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] <... rseq resumed>) = 0 [pid 5130] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5130] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5130] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5129] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5129] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5129] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5130] <... open resumed>) = 3 [pid 5130] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5128] <... futex resumed>) = 0 [pid 5128] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] memfd_create("syzkaller", 0) = 4 [pid 5128] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] <... futex resumed>) = 1 [pid 5129] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5130] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5129] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5130] <... mount resumed>) = 0 [pid 5130] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5128] <... futex resumed>) = 0 [pid 5128] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5128] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] <... write resumed>) = 262144 [pid 5130] <... futex resumed>) = 1 [pid 5129] munmap(0x7f81b2d7d000, 262144 [pid 5130] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5129] <... munmap resumed>) = 0 [pid 5129] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5130] <... open resumed>) = 5 [pid 5130] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5130] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5128] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... openat resumed>) = 6 [pid 5130] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5128] <... futex resumed>) = 0 [ 54.607062][ T5124] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/24/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 54.638731][ T5024] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5130] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] ioctl(6, LOOP_SET_FD, 4 [pid 5128] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] <... futex resumed>) = 0 [pid 5128] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5130] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5129] <... ioctl resumed>) = 0 [pid 5129] close(4) = 0 [pid 5129] mkdir("./file1", 0777) = 0 [ 54.678077][ T5129] loop0: detected capacity change from 0 to 512 [ 54.697983][ T5129] EXT4-fs (loop0): 1 orphan inode deleted [ 54.703944][ T5129] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5129] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5129] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5129] chdir("./file1") = 0 [pid 5129] ioctl(6, LOOP_CLR_FD) = 0 [pid 5129] close(6) = 0 [pid 5129] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] exit_group(0 [pid 5130] <... futex resumed>) = ? [pid 5128] <... exit_group resumed>) = ? [pid 5130] +++ exited with 0 +++ [pid 5129] <... futex resumed>) = ? [pid 5129] +++ exited with 0 +++ [pid 5128] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5128, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/bus") = 0 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 [ 54.716891][ T5129] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/25/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./25/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5133 ./strace-static-x86_64: Process 5133 attached [pid 5133] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5133] chdir("./26") = 0 [pid 5133] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5133] setpgid(0, 0) = 0 [pid 5133] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5133] write(3, "1000", 4) = 4 [pid 5133] close(3) = 0 [pid 5133] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5133] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5133] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5133] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5133] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5133] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5133] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5133] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5134 attached => {parent_tid=[5134]}, 88) = 5134 [pid 5134] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5133] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5133] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5133] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5133] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5134] <... rseq resumed>) = 0 [pid 5133] <... mmap resumed>) = 0x7f81bb17d000 [pid 5133] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5134] set_robust_list(0x7f81bb1be9a0, 24 [pid 5133] <... mprotect resumed>) = 0 [pid 5133] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5134] <... set_robust_list resumed>) = 0 [pid 5134] rt_sigprocmask(SIG_SETMASK, [], [pid 5133] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5135 attached [pid 5134] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5133] <... clone3 resumed> => {parent_tid=[5135]}, 88) = 5135 [pid 5133] rt_sigprocmask(SIG_SETMASK, [], [pid 5135] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5134] memfd_create("syzkaller", 0 [pid 5133] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5135] <... rseq resumed>) = 0 [pid 5135] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5135] rt_sigprocmask(SIG_SETMASK, [], [pid 5133] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5134] <... memfd_create resumed>) = 3 [pid 5135] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5133] <... futex resumed>) = 0 [pid 5135] <... open resumed>) = 4 [pid 5134] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5133] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5133] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5135] <... futex resumed>) = 0 [pid 5135] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5133] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5133] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] <... futex resumed>) = 0 [pid 5135] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5134] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5135] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5133] <... futex resumed>) = 0 [pid 5135] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5133] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5133] <... futex resumed>) = 0 [pid 5135] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5133] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5134] <... write resumed>) = 262144 [pid 5134] munmap(0x7f81b2d7d000, 262144 [pid 5135] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5133] <... futex resumed>) = 0 [pid 5135] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] <... munmap resumed>) = 0 [pid 5133] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5135] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5134] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5135] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5135] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] <... openat resumed>) = 6 [pid 5133] <... futex resumed>) = 0 [pid 5135] <... futex resumed>) = 0 [pid 5134] ioctl(6, LOOP_SET_FD, 3 [pid 5133] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5133] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 54.762975][ T5024] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5134] <... ioctl resumed>) = 0 [pid 5134] close(3) = 0 [pid 5134] mkdir("./file1", 0777) = 0 [pid 5134] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5134] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5134] chdir("./file1") = 0 [pid 5134] ioctl(6, LOOP_CLR_FD) = 0 [pid 5134] close(6) = 0 [pid 5134] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5133] exit_group(0) = ? [pid 5134] <... futex resumed>) = ? [pid 5134] +++ exited with 0 +++ [pid 5135] <... futex resumed>) = ? [pid 5135] +++ exited with 0 +++ [pid 5133] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5133, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/bus") = 0 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 [ 54.819875][ T5134] loop0: detected capacity change from 0 to 512 [ 54.838299][ T5134] EXT4-fs (loop0): 1 orphan inode deleted [ 54.844034][ T5134] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 54.856724][ T5134] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/26/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./26/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5138 attached , child_tidptr=0x555556eda690) = 5138 [pid 5138] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5138] chdir("./27") = 0 [pid 5138] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5138] setpgid(0, 0) = 0 [pid 5138] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5138] write(3, "1000", 4) = 4 [pid 5138] close(3) = 0 [pid 5138] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5138] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5138] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5138] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5138] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5138] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5138] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5138] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5139 attached [pid 5139] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5138] <... clone3 resumed> => {parent_tid=[5139]}, 88) = 5139 [pid 5139] <... rseq resumed>) = 0 [pid 5138] rt_sigprocmask(SIG_SETMASK, [], [pid 5139] set_robust_list(0x7f81bb1be9a0, 24 [pid 5138] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5139] <... set_robust_list resumed>) = 0 [pid 5138] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5138] <... futex resumed>) = 0 [pid 5139] memfd_create("syzkaller", 0 [pid 5138] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5138] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5139] <... memfd_create resumed>) = 3 [pid 5138] <... mmap resumed>) = 0x7f81bb17d000 [pid 5139] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5138] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5139] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5138] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5138] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5140]}, 88) = 5140 [pid 5138] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5138] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5138] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5140 attached [pid 5140] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5140] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5140] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5139] <... write resumed>) = 262144 [pid 5139] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5139] openat(AT_FDCWD, "/dev/loop0", O_RDWR [ 54.898922][ T5024] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5140] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5139] <... openat resumed>) = 4 [pid 5139] ioctl(4, LOOP_SET_FD, 3 [pid 5140] <... open resumed>) = 5 [pid 5140] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5139] <... ioctl resumed>) = 0 [pid 5138] <... futex resumed>) = 0 [pid 5139] close(3) = 0 [pid 5139] mkdir("./file1", 0777 [pid 5138] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] <... mkdir resumed>) = 0 [pid 5138] <... futex resumed>) = 1 [pid 5140] <... futex resumed>) = 0 [pid 5139] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5140] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5140] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5138] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5138] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] <... futex resumed>) = 0 [pid 5138] <... futex resumed>) = 1 [pid 5140] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5138] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5140] <... open resumed>) = 3 [pid 5140] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5138] <... futex resumed>) = 0 [pid 5140] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5138] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5138] <... futex resumed>) = 0 [pid 5140] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5138] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5140] <... write resumed>) = 262144 [pid 5140] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5138] <... futex resumed>) = 0 [pid 5140] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5139] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5139] ioctl(4, LOOP_CLR_FD) = 0 [pid 5139] close(4) = 0 [pid 5139] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5139] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5138] exit_group(0 [pid 5140] <... futex resumed>) = ? [pid 5138] <... exit_group resumed>) = ? [pid 5140] +++ exited with 0 +++ [pid 5139] <... futex resumed>) = ? [pid 5139] +++ exited with 0 +++ [pid 5138] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5138, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/bus") = 0 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 umount2("./27/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5141 ./strace-static-x86_64: Process 5141 attached [pid 5141] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5141] chdir("./28") = 0 [pid 5141] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5141] setpgid(0, 0) = 0 [pid 5141] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5141] write(3, "1000", 4) = 4 [pid 5141] close(3) = 0 [pid 5141] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5141] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5141] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5141] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [ 54.947890][ T5139] loop0: detected capacity change from 0 to 512 [ 54.975248][ T5139] EXT4-fs warning (device loop0): read_mmp_block:115: Error -117 while reading MMP block 8 [pid 5141] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5141] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5141] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5142 attached => {parent_tid=[5142]}, 88) = 5142 [pid 5142] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5141] rt_sigprocmask(SIG_SETMASK, [], [pid 5142] <... rseq resumed>) = 0 [pid 5141] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5142] set_robust_list(0x7f81bb1be9a0, 24 [pid 5141] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5142] <... set_robust_list resumed>) = 0 [pid 5141] <... futex resumed>) = 0 [pid 5142] rt_sigprocmask(SIG_SETMASK, [], [pid 5141] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5142] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5141] <... futex resumed>) = 0 [pid 5142] memfd_create("syzkaller", 0 [pid 5141] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5142] <... memfd_create resumed>) = 3 [pid 5141] <... mmap resumed>) = 0x7f81bb17d000 [pid 5142] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5141] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5142] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5141] <... mprotect resumed>) = 0 [pid 5141] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5141] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} [pid 5142] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5141] <... clone3 resumed> => {parent_tid=[5143]}, 88) = 5143 [pid 5141] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5143 attached [pid 5142] munmap(0x7f81b2d7d000, 262144 [pid 5143] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5141] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5142] <... munmap resumed>) = 0 [pid 5143] <... rseq resumed>) = 0 [pid 5141] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5143] set_robust_list(0x7f81bb19d9a0, 24 [pid 5141] <... futex resumed>) = 0 [pid 5143] <... set_robust_list resumed>) = 0 [pid 5142] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5143] rt_sigprocmask(SIG_SETMASK, [], [pid 5141] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5143] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5143] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5143] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5142] <... openat resumed>) = 4 [pid 5142] ioctl(4, LOOP_SET_FD, 3 [pid 5143] <... futex resumed>) = 1 [pid 5143] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5141] <... futex resumed>) = 0 [pid 5141] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5141] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5143] <... futex resumed>) = 0 [pid 5143] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5143] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] <... futex resumed>) = 0 [pid 5143] <... futex resumed>) = 1 [pid 5143] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5141] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5143] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5141] <... futex resumed>) = 0 [pid 5142] <... ioctl resumed>) = 0 [pid 5143] <... open resumed>) = 6 [pid 5141] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] close(3) = 0 [pid 5143] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5142] mkdir("./file1", 0777 [pid 5143] <... futex resumed>) = 1 [pid 5143] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5141] <... futex resumed>) = 0 [pid 5142] <... mkdir resumed>) = 0 [pid 5142] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5141] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5141] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5143] <... futex resumed>) = 0 [pid 5143] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 5143] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] <... futex resumed>) = 0 [pid 5143] <... futex resumed>) = 1 [ 55.038836][ T5142] loop0: detected capacity change from 0 to 512 [ 55.055959][ T5144] EXT4-fs warning (device loop0): kmmpd:168: kmmpd being stopped since MMP feature has been disabled. [ 55.056479][ T5142] EXT4-fs error (device loop0): __ext4_get_inode_loc:4379: comm syz-executor212: Invalid inode table block 0 in block_group 0 [ 55.080493][ T5142] EXT4-fs (loop0): get root inode failed [pid 5143] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5142] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5142] ioctl(4, LOOP_CLR_FD) = 0 [pid 5142] close(4) = 0 [pid 5142] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5142] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5141] exit_group(0) = ? [pid 5143] <... futex resumed>) = ? [pid 5142] <... futex resumed>) = ? [pid 5143] +++ exited with 0 +++ [pid 5142] +++ exited with 0 +++ [pid 5141] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5141, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/bus") = 0 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 umount2("./28/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5146 ./strace-static-x86_64: Process 5146 attached [pid 5146] set_robust_list(0x555556eda6a0, 24) = 0 [ 55.086175][ T5142] EXT4-fs (loop0): mount failed [pid 5146] chdir("./29") = 0 [pid 5146] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5146] setpgid(0, 0) = 0 [pid 5146] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5146] write(3, "1000", 4) = 4 [pid 5146] close(3) = 0 [pid 5146] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5146] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5146] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5146] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5146] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5146] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5146] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5147 attached => {parent_tid=[5147]}, 88) = 5147 [pid 5147] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5146] rt_sigprocmask(SIG_SETMASK, [], [pid 5147] <... rseq resumed>) = 0 [pid 5147] set_robust_list(0x7f81bb1be9a0, 24 [pid 5146] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5147] <... set_robust_list resumed>) = 0 [pid 5146] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] rt_sigprocmask(SIG_SETMASK, [], [pid 5146] <... futex resumed>) = 0 [pid 5147] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5147] memfd_create("syzkaller", 0 [pid 5146] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5147] <... memfd_create resumed>) = 3 [pid 5146] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5147] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5146] <... mmap resumed>) = 0x7f81bb17d000 [pid 5147] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5146] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5146] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5146] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} [pid 5147] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5146] <... clone3 resumed> => {parent_tid=[5148]}, 88) = 5148 ./strace-static-x86_64: Process 5148 attached [pid 5146] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5148] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5146] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] <... rseq resumed>) = 0 [pid 5146] <... futex resumed>) = 0 [pid 5148] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5148] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5148] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5146] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5148] <... open resumed>) = 4 [pid 5147] <... write resumed>) = 262144 [pid 5148] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5147] munmap(0x7f81b2d7d000, 262144 [pid 5146] <... futex resumed>) = 0 [pid 5148] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5147] <... munmap resumed>) = 0 [pid 5146] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5148] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5146] <... futex resumed>) = 0 [pid 5146] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5148] <... mount resumed>) = 0 [pid 5147] <... openat resumed>) = 5 [pid 5148] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5146] <... futex resumed>) = 0 [pid 5148] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5148] <... futex resumed>) = 0 [pid 5146] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] ioctl(5, LOOP_SET_FD, 3 [pid 5148] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5148] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5148] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] <... futex resumed>) = 0 [pid 5147] <... ioctl resumed>) = 0 [pid 5146] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] <... futex resumed>) = 0 [pid 5147] close(3 [pid 5146] <... futex resumed>) = 1 [pid 5147] <... close resumed>) = 0 [pid 5146] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] mkdir("./file1", 0777 [pid 5148] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5147] <... mkdir resumed>) = 0 [pid 5147] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5148] <... write resumed>) = 262144 [pid 5148] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5146] <... futex resumed>) = 0 [pid 5148] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5147] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5147] ioctl(5, LOOP_CLR_FD) = 0 [pid 5147] close(5) = 0 [pid 5147] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] exit_group(0 [pid 5148] <... futex resumed>) = ? [pid 5146] <... exit_group resumed>) = ? [pid 5148] +++ exited with 0 +++ [pid 5147] <... futex resumed>) = ? [pid 5147] +++ exited with 0 +++ [pid 5146] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5146, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/bus") = 0 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 umount2("./29/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5149 ./strace-static-x86_64: Process 5149 attached [pid 5149] set_robust_list(0x555556eda6a0, 24) = 0 [ 55.151595][ T5147] loop0: detected capacity change from 0 to 512 [ 55.166526][ T5147] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5149] chdir("./30") = 0 [pid 5149] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5149] setpgid(0, 0) = 0 [pid 5149] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5149] write(3, "1000", 4) = 4 [pid 5149] close(3) = 0 [pid 5149] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5149] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5149] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5149] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5149] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5149] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5150 attached => {parent_tid=[5150]}, 88) = 5150 [pid 5149] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5150] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5149] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] <... rseq resumed>) = 0 [pid 5149] <... futex resumed>) = 0 [pid 5149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5149] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5150] set_robust_list(0x7f81bb1be9a0, 24 [pid 5149] <... mprotect resumed>) = 0 [pid 5149] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5150] <... set_robust_list resumed>) = 0 [pid 5149] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5149] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5151 attached [pid 5151] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5149] <... clone3 resumed> => {parent_tid=[5151]}, 88) = 5151 [pid 5151] set_robust_list(0x7f81bb19d9a0, 24 [pid 5150] rt_sigprocmask(SIG_SETMASK, [], [pid 5151] <... set_robust_list resumed>) = 0 [pid 5150] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5149] rt_sigprocmask(SIG_SETMASK, [], [pid 5151] rt_sigprocmask(SIG_SETMASK, [], [pid 5149] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5151] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5150] memfd_create("syzkaller", 0 [pid 5149] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5149] <... futex resumed>) = 0 [pid 5150] <... memfd_create resumed>) = 3 [pid 5149] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5151] <... open resumed>) = 4 [pid 5150] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5151] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5149] <... futex resumed>) = 0 [pid 5149] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5151] <... futex resumed>) = 1 [pid 5151] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5151] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] <... futex resumed>) = 0 [pid 5149] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5151] <... futex resumed>) = 1 [pid 5149] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5151] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5151] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] <... futex resumed>) = 0 [pid 5150] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5149] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] <... futex resumed>) = 1 [pid 5149] <... futex resumed>) = 0 [pid 5151] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5149] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5151] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5151] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5151] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5149] <... futex resumed>) = 0 [pid 5150] <... write resumed>) = 262144 [pid 5150] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5150] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5150] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5150] close(3) = 0 [pid 5150] mkdir("./file1", 0777) = 0 [pid 5150] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5150] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5150] chdir("./file1") = 0 [pid 5150] ioctl(6, LOOP_CLR_FD) = 0 [pid 5150] close(6) = 0 [pid 5150] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] exit_group(0 [pid 5151] <... futex resumed>) = ? [pid 5150] <... futex resumed>) = ? [pid 5151] +++ exited with 0 +++ [pid 5150] +++ exited with 0 +++ [pid 5149] <... exit_group resumed>) = ? [pid 5149] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5149, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/bus") = 0 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 [ 55.233164][ T5150] loop0: detected capacity change from 0 to 512 [ 55.247858][ T5150] EXT4-fs (loop0): 1 orphan inode deleted [ 55.253769][ T5150] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 55.266457][ T5150] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/30/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./30/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5154 attached , child_tidptr=0x555556eda690) = 5154 [pid 5154] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5154] chdir("./31") = 0 [pid 5154] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5154] setpgid(0, 0) = 0 [pid 5154] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5154] write(3, "1000", 4) = 4 [pid 5154] close(3) = 0 [pid 5154] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5154] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5154] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5154] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5154] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5154] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5154] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5154] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5155 attached => {parent_tid=[5155]}, 88) = 5155 [pid 5154] rt_sigprocmask(SIG_SETMASK, [], [pid 5155] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5154] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5155] <... rseq resumed>) = 0 [pid 5154] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] set_robust_list(0x7f81bb1be9a0, 24 [pid 5154] <... futex resumed>) = 0 [pid 5155] <... set_robust_list resumed>) = 0 [pid 5154] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] rt_sigprocmask(SIG_SETMASK, [], [pid 5154] <... futex resumed>) = 0 [pid 5155] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5154] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5155] memfd_create("syzkaller", 0 [pid 5154] <... mmap resumed>) = 0x7f81bb17d000 [pid 5155] <... memfd_create resumed>) = 3 [pid 5154] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5155] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5154] <... mprotect resumed>) = 0 [pid 5155] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5154] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5154] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5156]}, 88) = 5156 ./strace-static-x86_64: Process 5156 attached [pid 5155] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5154] rt_sigprocmask(SIG_SETMASK, [], [pid 5156] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5154] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5156] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5154] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5156] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5154] <... futex resumed>) = 0 [pid 5156] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5154] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] <... open resumed>) = 4 [pid 5156] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5154] <... futex resumed>) = 0 [pid 5154] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] <... write resumed>) = 262144 [pid 5154] <... futex resumed>) = 0 [pid 5155] munmap(0x7f81b2d7d000, 262144 [pid 5154] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5155] <... munmap resumed>) = 0 [pid 5155] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5156] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] <... openat resumed>) = 5 [pid 5155] ioctl(5, LOOP_SET_FD, 3 [pid 5156] <... futex resumed>) = 1 [pid 5154] <... futex resumed>) = 0 [ 55.295865][ T5024] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5156] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5154] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5154] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] <... futex resumed>) = 0 [pid 5156] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5155] <... ioctl resumed>) = 0 [pid 5155] close(3) = 0 [pid 5156] <... open resumed>) = 6 [pid 5156] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] mkdir("./file1", 0777 [pid 5156] <... futex resumed>) = 1 [pid 5154] <... futex resumed>) = 0 [pid 5156] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5154] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5156] <... futex resumed>) = 0 [pid 5154] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5155] <... mkdir resumed>) = 0 [pid 5155] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5156] <... write resumed>) = 262144 [pid 5156] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5154] <... futex resumed>) = 0 [pid 5156] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5155] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5155] ioctl(5, LOOP_CLR_FD) = 0 [pid 5155] close(5) = 0 [pid 5155] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5154] exit_group(0) = ? [pid 5156] <... futex resumed>) = ? [pid 5156] +++ exited with 0 +++ [pid 5155] <... futex resumed>) = ? [pid 5155] +++ exited with 0 +++ [pid 5154] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5154, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/bus") = 0 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 umount2("./31/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5157 attached , child_tidptr=0x555556eda690) = 5157 [pid 5157] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5157] chdir("./32") = 0 [pid 5157] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5157] setpgid(0, 0) = 0 [pid 5157] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5157] write(3, "1000", 4) = 4 [ 55.340262][ T5155] loop0: detected capacity change from 0 to 512 [ 55.354658][ T5155] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5157] close(3) = 0 [pid 5157] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5157] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5157] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5157] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5157] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5157] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5157] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5157] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5158 attached => {parent_tid=[5158]}, 88) = 5158 [pid 5157] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5157] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5157] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5157] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5158] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5157] <... mmap resumed>) = 0x7f81bb17d000 [pid 5157] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5158] <... rseq resumed>) = 0 [pid 5157] <... mprotect resumed>) = 0 [pid 5158] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5158] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5157] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5157] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5159 attached [pid 5158] memfd_create("syzkaller", 0 [pid 5157] <... clone3 resumed> => {parent_tid=[5159]}, 88) = 5159 [pid 5157] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5157] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5157] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5158] <... memfd_create resumed>) = 3 [pid 5159] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5159] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5159] rt_sigprocmask(SIG_SETMASK, [], [pid 5158] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5159] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5158] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5159] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5159] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5157] <... futex resumed>) = 0 [pid 5159] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5158] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5157] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5157] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5159] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5158] <... write resumed>) = 262144 [pid 5158] munmap(0x7f81b2d7d000, 262144 [pid 5159] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5157] <... futex resumed>) = 0 [pid 5157] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5157] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5158] <... munmap resumed>) = 0 [pid 5159] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5157] <... futex resumed>) = 0 [pid 5159] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5157] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5158] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5159] <... futex resumed>) = 0 [pid 5157] <... futex resumed>) = 1 [pid 5159] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5158] <... openat resumed>) = 6 [pid 5157] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5159] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5158] ioctl(6, LOOP_SET_FD, 3 [pid 5157] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5159] <... futex resumed>) = 0 [pid 5159] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5158] <... ioctl resumed>) = 0 [pid 5158] close(3) = 0 [pid 5158] mkdir("./file1", 0777) = 0 [pid 5158] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5158] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5158] chdir("./file1") = 0 [pid 5158] ioctl(6, LOOP_CLR_FD) = 0 [pid 5158] close(6) = 0 [pid 5158] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5158] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5157] exit_group(0 [pid 5158] <... futex resumed>) = ? [pid 5157] <... exit_group resumed>) = ? [pid 5159] <... futex resumed>) = ? [pid 5159] +++ exited with 0 +++ [pid 5158] +++ exited with 0 +++ [pid 5157] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5157, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/bus") = 0 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 [ 55.419978][ T5158] loop0: detected capacity change from 0 to 512 [ 55.438581][ T5158] EXT4-fs (loop0): 1 orphan inode deleted [ 55.444531][ T5158] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 55.457657][ T5158] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/32/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./32/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5162 attached , child_tidptr=0x555556eda690) = 5162 [pid 5162] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5162] chdir("./33") = 0 [pid 5162] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5162] setpgid(0, 0) = 0 [pid 5162] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5162] write(3, "1000", 4) = 4 [pid 5162] close(3) = 0 [pid 5162] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5162] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5162] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5162] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5162] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5162] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5162] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5162] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5163 attached => {parent_tid=[5163]}, 88) = 5163 [pid 5163] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5163] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5162] rt_sigprocmask(SIG_SETMASK, [], [pid 5163] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5162] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5163] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5162] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5163] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5162] <... futex resumed>) = 0 [pid 5163] memfd_create("syzkaller", 0 [pid 5162] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5163] <... memfd_create resumed>) = 3 [pid 5163] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5162] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5163] <... mmap resumed>) = 0x7f81b2d9e000 [pid 5162] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5162] mprotect(0x7f81b2d7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5162] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5162] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81b2d9d990, parent_tid=0x7f81b2d9d990, exit_signal=0, stack=0x7f81b2d7d000, stack_size=0x20300, tls=0x7f81b2d9d6c0} => {parent_tid=[5164]}, 88) = 5164 [pid 5162] rt_sigprocmask(SIG_SETMASK, [], [pid 5163] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5162] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 5164 attached [pid 5164] rseq(0x7f81b2d9dfe0, 0x20, 0, 0x53053053 [pid 5162] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] <... rseq resumed>) = 0 [pid 5162] <... futex resumed>) = 0 [pid 5164] set_robust_list(0x7f81b2d9d9a0, 24) = 0 [pid 5162] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5164] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5163] <... write resumed>) = 262144 [pid 5163] munmap(0x7f81b2d9e000, 262144 [pid 5164] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5163] <... munmap resumed>) = 0 [pid 5163] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5164] <... futex resumed>) = 1 [pid 5163] <... openat resumed>) = 5 [pid 5162] <... futex resumed>) = 0 [pid 5164] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [ 55.489856][ T5024] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5163] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 5162] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5162] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] <... futex resumed>) = 0 [pid 5164] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5164] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5162] <... futex resumed>) = 0 [pid 5164] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5162] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5162] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] <... open resumed>) = 6 [pid 5164] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5162] <... futex resumed>) = 0 [pid 5164] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5162] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5162] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5163] close(3) = 0 [pid 5163] mkdir("./file1", 0777) = 0 [pid 5163] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5164] <... write resumed>) = 262144 [pid 5164] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5162] <... futex resumed>) = 0 [pid 5164] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5163] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5163] ioctl(5, LOOP_CLR_FD) = 0 [pid 5163] close(5) = 0 [pid 5163] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5163] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5162] exit_group(0 [pid 5163] <... futex resumed>) = ? [pid 5162] <... exit_group resumed>) = ? [pid 5164] <... futex resumed>) = ? [pid 5164] +++ exited with 0 +++ [pid 5163] +++ exited with 0 +++ [pid 5162] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5162, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/bus") = 0 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 umount2("./33/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5165 attached , child_tidptr=0x555556eda690) = 5165 [pid 5165] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5165] chdir("./34") = 0 [pid 5165] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5165] setpgid(0, 0) = 0 [pid 5165] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5165] write(3, "1000", 4) = 4 [pid 5165] close(3) = 0 [pid 5165] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5165] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5165] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5165] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5165] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5165] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5165] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5166 attached [pid 5166] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5166] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5166] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5166] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5165] <... clone3 resumed> => {parent_tid=[5166]}, 88) = 5166 [pid 5165] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5165] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5166] <... futex resumed>) = 0 [pid 5166] memfd_create("syzkaller", 0 [pid 5165] <... futex resumed>) = 1 [ 55.535313][ T5163] loop0: detected capacity change from 0 to 512 [ 55.552081][ T5163] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5165] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5166] <... memfd_create resumed>) = 3 [pid 5165] <... futex resumed>) = 0 [pid 5165] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5166] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5165] <... mmap resumed>) = 0x7f81bb17d000 [pid 5166] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5165] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5165] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5165] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5167]}, 88) = 5167 [pid 5165] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5165] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5166] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5165] <... futex resumed>) = 0 [pid 5165] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5167 attached [pid 5167] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5166] <... write resumed>) = 262144 [pid 5167] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5166] munmap(0x7f81b2d7d000, 262144 [pid 5167] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5167] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5166] <... munmap resumed>) = 0 [pid 5166] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5167] <... open resumed>) = 4 [pid 5166] <... openat resumed>) = 5 [pid 5166] ioctl(5, LOOP_SET_FD, 3 [pid 5167] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5166] <... ioctl resumed>) = 0 [pid 5166] close(3) = 0 [pid 5166] mkdir("./file1", 0777 [pid 5167] <... futex resumed>) = 1 [pid 5165] <... futex resumed>) = 0 [pid 5165] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] <... mkdir resumed>) = 0 [pid 5166] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5167] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5167] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5165] <... futex resumed>) = 0 [pid 5167] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5165] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5167] <... open resumed>) = 3 [pid 5167] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5165] <... futex resumed>) = 0 [pid 5167] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5165] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5165] <... futex resumed>) = 0 [pid 5167] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5165] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5167] <... write resumed>) = 262144 [pid 5167] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5167] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5165] <... futex resumed>) = 0 [ 55.600752][ T5166] loop0: detected capacity change from 0 to 512 [ 55.615632][ T5168] EXT4-fs warning (device loop0): kmmpd:168: kmmpd being stopped since MMP feature has been disabled. [ 55.622510][ T5166] EXT4-fs error (device loop0): __ext4_get_inode_loc:4379: comm syz-executor212: Invalid inode table block 0 in block_group 0 [ 55.640739][ T5166] EXT4-fs (loop0): get root inode failed [pid 5166] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5166] ioctl(5, LOOP_CLR_FD) = 0 [pid 5166] close(5) = 0 [pid 5166] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5166] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5165] exit_group(0 [pid 5167] <... futex resumed>) = ? [pid 5166] <... futex resumed>) = ? [pid 5165] <... exit_group resumed>) = ? [pid 5167] +++ exited with 0 +++ [pid 5166] +++ exited with 0 +++ [pid 5165] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5165, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/bus") = 0 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 umount2("./34/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5170 attached , child_tidptr=0x555556eda690) = 5170 [pid 5170] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5170] chdir("./35") = 0 [pid 5170] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5170] setpgid(0, 0) = 0 [pid 5170] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5170] write(3, "1000", 4) = 4 [pid 5170] close(3) = 0 [pid 5170] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5170] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5170] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5170] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5170] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5170] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5170] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5170] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5171 attached => {parent_tid=[5171]}, 88) = 5171 [ 55.646745][ T5166] EXT4-fs (loop0): mount failed [pid 5171] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5170] rt_sigprocmask(SIG_SETMASK, [], [pid 5171] <... rseq resumed>) = 0 [pid 5171] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5171] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5171] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5170] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5170] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5170] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5171] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5170] <... futex resumed>) = 0 [pid 5170] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5170] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5171] memfd_create("syzkaller", 0 [pid 5170] <... mprotect resumed>) = 0 [pid 5170] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5171] <... memfd_create resumed>) = 3 [pid 5171] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5170] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} [pid 5171] <... mmap resumed>) = 0x7f81b2d7d000 ./strace-static-x86_64: Process 5172 attached [pid 5170] <... clone3 resumed> => {parent_tid=[5172]}, 88) = 5172 [pid 5172] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5170] rt_sigprocmask(SIG_SETMASK, [], [pid 5172] set_robust_list(0x7f81bb19d9a0, 24 [pid 5170] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5172] <... set_robust_list resumed>) = 0 [pid 5170] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] rt_sigprocmask(SIG_SETMASK, [], [pid 5170] <... futex resumed>) = 0 [pid 5172] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5170] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5172] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5171] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5172] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5170] <... futex resumed>) = 0 [pid 5170] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5170] <... futex resumed>) = 0 [pid 5172] <... mount resumed>) = 0 [pid 5170] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5172] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] <... futex resumed>) = 0 [pid 5170] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] <... futex resumed>) = 1 [pid 5170] <... futex resumed>) = 0 [pid 5172] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5170] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5172] <... open resumed>) = 5 [pid 5172] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] <... futex resumed>) = 0 [pid 5170] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] <... futex resumed>) = 1 [pid 5170] <... futex resumed>) = 0 [pid 5172] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5170] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5172] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5172] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5170] <... futex resumed>) = 0 [pid 5172] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5171] <... write resumed>) = 262144 [pid 5171] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5171] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5171] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5171] close(3) = 0 [pid 5171] mkdir("./file1", 0777) = 0 [pid 5171] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5171] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5171] chdir("./file1") = 0 [pid 5171] ioctl(6, LOOP_CLR_FD) = 0 [pid 5171] close(6) = 0 [pid 5171] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5170] exit_group(0 [pid 5171] ???( [pid 5170] <... exit_group resumed>) = ? [pid 5171] <... ??? resumed>) = ? [pid 5172] <... futex resumed>) = ? [pid 5171] +++ exited with 0 +++ [pid 5172] +++ exited with 0 +++ [pid 5170] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5170, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/bus") = 0 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 [ 55.721368][ T5171] loop0: detected capacity change from 0 to 512 [ 55.738046][ T5171] EXT4-fs (loop0): 1 orphan inode deleted [ 55.743828][ T5171] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 55.757007][ T5171] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/35/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./35/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5176 attached , child_tidptr=0x555556eda690) = 5176 [pid 5176] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5176] chdir("./36") = 0 [pid 5176] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5176] setpgid(0, 0) = 0 [pid 5176] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5176] write(3, "1000", 4) = 4 [pid 5176] close(3) = 0 [pid 5176] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5176] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5176] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5176] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5176] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5176] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5176] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5176] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5177 attached [pid 5177] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5176] <... clone3 resumed> => {parent_tid=[5177]}, 88) = 5177 [pid 5177] <... rseq resumed>) = 0 [pid 5176] rt_sigprocmask(SIG_SETMASK, [], [pid 5177] set_robust_list(0x7f81bb1be9a0, 24 [pid 5176] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5177] <... set_robust_list resumed>) = 0 [pid 5176] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5177] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5176] <... futex resumed>) = 0 [pid 5177] memfd_create("syzkaller", 0 [pid 5176] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5176] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5177] <... memfd_create resumed>) = 3 [pid 5176] <... mmap resumed>) = 0x7f81bb17d000 [pid 5177] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5176] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5177] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5176] <... mprotect resumed>) = 0 [pid 5176] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5176] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5178]}, 88) = 5178 [pid 5176] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5176] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5178 attached ) = 0 [pid 5178] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5176] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5178] <... rseq resumed>) = 0 [pid 5178] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5178] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5178] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5177] <... write resumed>) = 262144 [pid 5178] <... open resumed>) = 4 [pid 5177] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5178] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5178] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5176] <... futex resumed>) = 0 [pid 5176] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5178] <... futex resumed>) = 0 [pid 5178] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5176] <... futex resumed>) = 1 [pid 5176] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5178] <... mount resumed>) = 0 [pid 5177] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5178] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5177] <... openat resumed>) = 5 [pid 5178] <... futex resumed>) = 1 [pid 5176] <... futex resumed>) = 0 [pid 5176] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [ 55.783001][ T5024] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5178] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5176] <... futex resumed>) = 0 [pid 5178] <... open resumed>) = 6 [pid 5176] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5177] ioctl(5, LOOP_SET_FD, 3 [pid 5178] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5178] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5176] <... futex resumed>) = 0 [pid 5176] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5178] <... futex resumed>) = 0 [pid 5176] <... futex resumed>) = 1 [pid 5178] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5177] <... ioctl resumed>) = 0 [pid 5176] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5177] close(3) = 0 [pid 5177] mkdir("./file1", 0777) = 0 [pid 5177] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5178] <... write resumed>) = 262144 [pid 5178] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] <... futex resumed>) = 0 [pid 5178] <... futex resumed>) = 1 [pid 5178] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5177] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5177] ioctl(5, LOOP_CLR_FD) = 0 [pid 5177] close(5) = 0 [pid 5177] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5177] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5176] exit_group(0 [pid 5178] <... futex resumed>) = ? [pid 5177] <... futex resumed>) = ? [pid 5176] <... exit_group resumed>) = ? [pid 5178] +++ exited with 0 +++ [pid 5177] +++ exited with 0 +++ [pid 5176] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5176, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/bus") = 0 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 umount2("./36/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5179 ./strace-static-x86_64: Process 5179 attached [pid 5179] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5179] chdir("./37") = 0 [pid 5179] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5179] setpgid(0, 0) = 0 [pid 5179] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5179] write(3, "1000", 4) = 4 [pid 5179] close(3) = 0 [pid 5179] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5179] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5179] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5179] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5179] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5179] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5179] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5179] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5180 attached => {parent_tid=[5180]}, 88) = 5180 [pid 5179] rt_sigprocmask(SIG_SETMASK, [], [pid 5180] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5180] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5180] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5180] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5179] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5179] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5179] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5179] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5180] <... futex resumed>) = 0 [ 55.824552][ T5177] loop0: detected capacity change from 0 to 512 [ 55.842316][ T5177] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5179] <... mmap resumed>) = 0x7f81bb17d000 [pid 5180] memfd_create("syzkaller", 0) = 3 [pid 5180] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5179] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5179] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5179] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} [pid 5180] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 5181 attached [pid 5181] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5179] <... clone3 resumed> => {parent_tid=[5181]}, 88) = 5181 [pid 5181] <... rseq resumed>) = 0 [pid 5179] rt_sigprocmask(SIG_SETMASK, [], [pid 5181] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5180] <... write resumed>) = 262144 [pid 5179] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5180] munmap(0x7f81b2d7d000, 262144 [pid 5181] rt_sigprocmask(SIG_SETMASK, [], [pid 5179] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5179] <... futex resumed>) = 0 [pid 5181] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5179] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5180] <... munmap resumed>) = 0 [pid 5180] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5180] ioctl(5, LOOP_SET_FD, 3 [pid 5181] <... open resumed>) = 4 [pid 5181] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5179] <... futex resumed>) = 0 [pid 5181] <... futex resumed>) = 1 [pid 5181] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5179] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5179] <... futex resumed>) = 0 [pid 5181] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5179] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5181] <... mount resumed>) = 0 [pid 5180] <... ioctl resumed>) = 0 [pid 5180] close(3) = 0 [pid 5180] mkdir("./file1", 0777 [pid 5181] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5179] <... futex resumed>) = 0 [pid 5181] <... futex resumed>) = 1 [pid 5179] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5179] <... futex resumed>) = 0 [pid 5181] <... open resumed>) = 3 [pid 5180] <... mkdir resumed>) = 0 [pid 5179] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5181] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5179] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5181] <... futex resumed>) = 0 [pid 5179] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5180] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5179] <... futex resumed>) = 0 [pid 5179] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5181] <... write resumed>) = 262144 [pid 5181] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5179] <... futex resumed>) = 0 [pid 5181] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5180] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5180] ioctl(5, LOOP_CLR_FD) = 0 [pid 5180] close(5) = 0 [pid 5180] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5179] exit_group(0) = ? [pid 5181] <... futex resumed>) = ? [pid 5180] <... futex resumed>) = ? [pid 5180] +++ exited with 0 +++ [pid 5181] +++ exited with 0 +++ [pid 5179] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5179, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/bus") = 0 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 umount2("./37/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 55.896785][ T5180] loop0: detected capacity change from 0 to 512 [ 55.912410][ T5180] EXT4-fs (loop0): VFS: Can't find ext4 filesystem clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5182 ./strace-static-x86_64: Process 5182 attached [pid 5182] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5182] chdir("./38") = 0 [pid 5182] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5182] setpgid(0, 0) = 0 [pid 5182] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5182] write(3, "1000", 4) = 4 [pid 5182] close(3) = 0 [pid 5182] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5182] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5182] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5182] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5182] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5182] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5182] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5182] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5183 attached => {parent_tid=[5183]}, 88) = 5183 [pid 5182] rt_sigprocmask(SIG_SETMASK, [], [pid 5183] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5183] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5182] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5183] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5182] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5182] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] memfd_create("syzkaller", 0 [pid 5182] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5183] <... memfd_create resumed>) = 3 [pid 5183] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d9e000 [pid 5182] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5182] mprotect(0x7f81b2d7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5182] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5182] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81b2d9d990, parent_tid=0x7f81b2d9d990, exit_signal=0, stack=0x7f81b2d7d000, stack_size=0x20300, tls=0x7f81b2d9d6c0}./strace-static-x86_64: Process 5184 attached => {parent_tid=[5184]}, 88) = 5184 [pid 5184] rseq(0x7f81b2d9dfe0, 0x20, 0, 0x53053053 [pid 5182] rt_sigprocmask(SIG_SETMASK, [], [pid 5184] <... rseq resumed>) = 0 [pid 5182] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5184] set_robust_list(0x7f81b2d9d9a0, 24 [pid 5182] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5184] <... set_robust_list resumed>) = 0 [pid 5184] rt_sigprocmask(SIG_SETMASK, [], [pid 5182] <... futex resumed>) = 0 [pid 5182] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5184] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5184] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5183] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5184] <... open resumed>) = 4 [pid 5184] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5182] <... futex resumed>) = 0 [pid 5184] <... futex resumed>) = 1 [pid 5182] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5184] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5183] <... write resumed>) = 262144 [pid 5182] <... futex resumed>) = 0 [pid 5183] munmap(0x7f81b2d9e000, 262144 [pid 5184] <... mount resumed>) = 0 [pid 5182] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5184] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] <... munmap resumed>) = 0 [pid 5184] <... futex resumed>) = 0 [pid 5182] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5184] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5182] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5184] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5182] <... futex resumed>) = 0 [pid 5183] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5184] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5182] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5183] <... openat resumed>) = 6 [pid 5183] ioctl(6, LOOP_SET_FD, 3 [pid 5184] <... open resumed>) = 5 [pid 5184] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5182] <... futex resumed>) = 0 [pid 5182] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5184] <... futex resumed>) = 1 [pid 5182] <... futex resumed>) = 0 [pid 5184] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5182] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5183] <... ioctl resumed>) = 0 [pid 5183] close(3) = 0 [pid 5183] mkdir("./file1", 0777) = 0 [pid 5183] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5184] <... write resumed>) = -1 EIO (Input/output error) [pid 5184] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5182] <... futex resumed>) = 0 [pid 5184] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5183] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5183] ioctl(6, LOOP_CLR_FD) = 0 [pid 5183] close(6) = 0 [pid 5183] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5182] exit_group(0) = ? [pid 5184] <... futex resumed>) = ? [pid 5183] +++ exited with 0 +++ [pid 5184] +++ exited with 0 +++ [pid 5182] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5182, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/bus") = 0 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 umount2("./38/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5185 attached , child_tidptr=0x555556eda690) = 5185 [pid 5185] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5185] chdir("./39") = 0 [pid 5185] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5185] setpgid(0, 0) = 0 [pid 5185] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5185] write(3, "1000", 4) = 4 [pid 5185] close(3) = 0 [pid 5185] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5185] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5185] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5185] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5185] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5185] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5185] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5185] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0} => {parent_tid=[5186]}, 88) = 5186 ./strace-static-x86_64: Process 5186 attached [pid 5185] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5186] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5185] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5185] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5185] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5186] <... rseq resumed>) = 0 [pid 5185] <... mmap resumed>) = 0x7f81bb17d000 [pid 5185] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5185] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5186] set_robust_list(0x7f81bb1be9a0, 24 [pid 5185] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5185] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5187 attached [pid 5187] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5185] <... clone3 resumed> => {parent_tid=[5187]}, 88) = 5187 [pid 5187] <... rseq resumed>) = 0 [pid 5185] rt_sigprocmask(SIG_SETMASK, [], [pid 5187] set_robust_list(0x7f81bb19d9a0, 24 [pid 5185] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5187] <... set_robust_list resumed>) = 0 [pid 5185] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5185] <... futex resumed>) = 0 [pid 5187] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5185] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5187] <... open resumed>) = 3 [pid 5186] <... set_robust_list resumed>) = 0 [pid 5186] rt_sigprocmask(SIG_SETMASK, [], [pid 5187] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5187] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5185] <... futex resumed>) = 0 [pid 5185] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] <... futex resumed>) = 0 [pid 5185] <... futex resumed>) = 1 [pid 5187] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5187] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5187] <... futex resumed>) = 0 [pid 5187] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5185] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5185] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] <... futex resumed>) = 0 [pid 5185] <... futex resumed>) = 1 [pid 5187] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 4 [pid 5185] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5187] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] memfd_create("syzkaller", 0 [pid 5187] <... futex resumed>) = 1 [pid 5185] <... futex resumed>) = 0 [pid 5186] <... memfd_create resumed>) = 5 [pid 5187] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5186] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5185] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5185] <... futex resumed>) = 0 [pid 5187] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5185] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5187] <... futex resumed>) = 0 [pid 5186] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5185] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5187] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5186] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5186] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5186] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 55.983039][ T5183] loop0: detected capacity change from 0 to 512 [ 55.989989][ T5184] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 55.999695][ T5184] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 56.011540][ T5183] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5186] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 5186] close(5) = 0 [pid 5186] mkdir("./file1", 0777) = 0 [ 56.053425][ T5186] loop0: detected capacity change from 0 to 512 [ 56.078921][ T5186] EXT4-fs (loop0): 1 orphan inode deleted [ 56.084663][ T5186] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5186] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5186] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 5 [pid 5186] chdir("./file1") = 0 [pid 5186] ioctl(6, LOOP_CLR_FD) = 0 [pid 5186] close(6) = 0 [pid 5186] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5185] exit_group(0 [pid 5187] <... futex resumed>) = ? [pid 5187] +++ exited with 0 +++ [pid 5186] <... futex resumed>) = ? [pid 5185] <... exit_group resumed>) = ? [pid 5186] +++ exited with 0 +++ [pid 5185] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5185, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/bus") = 0 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 umount2("./39/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5190 attached , child_tidptr=0x555556eda690) = 5190 [pid 5190] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5190] chdir("./40") = 0 [pid 5190] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5190] setpgid(0, 0) = 0 [pid 5190] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5190] write(3, "1000", 4) = 4 [pid 5190] close(3) = 0 [pid 5190] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5190] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5190] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5190] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5190] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5190] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5190] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5190] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5191 attached => {parent_tid=[5191]}, 88) = 5191 [pid 5191] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5190] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5190] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5190] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5190] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5191] set_robust_list(0x7f81bb1be9a0, 24 [pid 5190] <... mmap resumed>) = 0x7f81bb17d000 [pid 5190] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5191] <... set_robust_list resumed>) = 0 [pid 5190] <... mprotect resumed>) = 0 [pid 5191] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5190] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5191] memfd_create("syzkaller", 0 [pid 5190] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5192 attached => {parent_tid=[5192]}, 88) = 5192 [pid 5192] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5190] rt_sigprocmask(SIG_SETMASK, [], [pid 5192] set_robust_list(0x7f81bb19d9a0, 24 [pid 5191] <... memfd_create resumed>) = 3 [pid 5190] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5191] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5192] <... set_robust_list resumed>) = 0 [pid 5192] rt_sigprocmask(SIG_SETMASK, [], [pid 5191] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5190] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5192] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5190] <... futex resumed>) = 0 [ 56.097838][ T5186] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/39/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 56.131738][ T5024] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5190] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5192] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5191] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5192] <... open resumed>) = 4 [pid 5192] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5190] <... futex resumed>) = 0 [pid 5190] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5190] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5192] <... futex resumed>) = 1 [pid 5192] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5191] <... write resumed>) = 262144 [pid 5191] munmap(0x7f81b2d7d000, 262144 [pid 5192] <... mount resumed>) = 0 [pid 5192] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5190] <... futex resumed>) = 0 [pid 5190] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5190] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5192] <... futex resumed>) = 1 [pid 5192] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5192] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5190] <... futex resumed>) = 0 [pid 5190] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5191] <... munmap resumed>) = 0 [pid 5190] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5192] <... futex resumed>) = 1 [pid 5192] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5192] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5191] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5190] <... futex resumed>) = 0 [pid 5192] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5191] <... openat resumed>) = 6 [pid 5191] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5191] close(3) = 0 [pid 5191] mkdir("./file1", 0777) = 0 [pid 5191] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5191] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5191] chdir("./file1") = 0 [pid 5191] ioctl(6, LOOP_CLR_FD) = 0 [pid 5191] close(6) = 0 [pid 5191] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5190] exit_group(0 [pid 5191] <... futex resumed>) = ? [pid 5190] <... exit_group resumed>) = ? [pid 5192] <... futex resumed>) = ? [pid 5191] +++ exited with 0 +++ [pid 5192] +++ exited with 0 +++ [pid 5190] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5190, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/bus") = 0 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 [ 56.191396][ T5191] loop0: detected capacity change from 0 to 512 [ 56.208559][ T5191] EXT4-fs (loop0): 1 orphan inode deleted [ 56.214577][ T5191] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 56.227726][ T5191] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/40/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./40/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5195 attached , child_tidptr=0x555556eda690) = 5195 [pid 5195] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5195] chdir("./41") = 0 [pid 5195] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5195] setpgid(0, 0) = 0 [pid 5195] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5195] write(3, "1000", 4) = 4 [pid 5195] close(3) = 0 [pid 5195] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5195] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5195] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5195] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5195] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5195] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5195] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5195] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5196 attached [pid 5196] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5195] <... clone3 resumed> => {parent_tid=[5196]}, 88) = 5196 [pid 5196] set_robust_list(0x7f81bb1be9a0, 24 [pid 5195] rt_sigprocmask(SIG_SETMASK, [], [pid 5196] <... set_robust_list resumed>) = 0 [pid 5196] rt_sigprocmask(SIG_SETMASK, [], [pid 5195] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5196] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5195] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5196] memfd_create("syzkaller", 0 [pid 5195] <... futex resumed>) = 0 [pid 5195] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5195] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5196] <... memfd_create resumed>) = 3 [pid 5196] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5195] <... mmap resumed>) = 0x7f81bb17d000 [pid 5196] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5195] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5196] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5195] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5196] <... write resumed>) = 262144 [pid 5195] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} [pid 5196] munmap(0x7f81b2d7d000, 262144./strace-static-x86_64: Process 5197 attached ) = 0 [pid 5196] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5197] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5195] <... clone3 resumed> => {parent_tid=[5197]}, 88) = 5197 [pid 5197] <... rseq resumed>) = 0 [pid 5195] rt_sigprocmask(SIG_SETMASK, [], [pid 5197] set_robust_list(0x7f81bb19d9a0, 24 [pid 5195] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5197] <... set_robust_list resumed>) = 0 [pid 5195] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5197] rt_sigprocmask(SIG_SETMASK, [], [pid 5195] <... futex resumed>) = 0 [pid 5197] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 56.271161][ T5024] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5195] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5197] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5196] <... openat resumed>) = 4 [pid 5196] ioctl(4, LOOP_SET_FD, 3 [pid 5197] <... open resumed>) = 5 [pid 5196] <... ioctl resumed>) = 0 [pid 5196] close(3) = 0 [pid 5196] mkdir("./file1", 0777 [pid 5197] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5196] <... mkdir resumed>) = 0 [pid 5196] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5197] <... futex resumed>) = 1 [pid 5195] <... futex resumed>) = 0 [pid 5197] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5195] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5197] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5195] <... futex resumed>) = 0 [pid 5197] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5195] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5197] <... mount resumed>) = 0 [pid 5197] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5195] <... futex resumed>) = 0 [pid 5197] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5195] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5197] <... open resumed>) = 3 [pid 5195] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5197] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5195] <... futex resumed>) = 0 [pid 5197] <... futex resumed>) = 1 [pid 5195] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5197] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5195] <... futex resumed>) = 0 [pid 5195] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5197] <... write resumed>) = 262144 [pid 5197] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5195] <... futex resumed>) = 0 [pid 5197] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5196] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5196] ioctl(4, LOOP_CLR_FD) = 0 [pid 5196] close(4) = 0 [pid 5196] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5195] exit_group(0) = ? [pid 5197] <... futex resumed>) = ? [pid 5196] +++ exited with 0 +++ [pid 5197] +++ exited with 0 +++ [pid 5195] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5195, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/bus") = 0 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 umount2("./41/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5198 ./strace-static-x86_64: Process 5198 attached [pid 5198] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5198] chdir("./42") = 0 [pid 5198] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5198] setpgid(0, 0) = 0 [pid 5198] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5198] write(3, "1000", 4) = 4 [pid 5198] close(3) = 0 [pid 5198] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5198] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5198] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5198] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5198] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5198] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5198] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5198] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0} => {parent_tid=[5199]}, 88) = 5199 [pid 5198] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5198] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5199 attached [pid 5199] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5198] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5198] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5198] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5199] <... rseq resumed>) = 0 [pid 5199] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5199] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5198] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5198] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} [pid 5199] memfd_create("syzkaller", 0) = 3 [pid 5199] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 5200 attached [pid 5198] <... clone3 resumed> => {parent_tid=[5200]}, 88) = 5200 [pid 5200] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5199] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5198] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5198] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5198] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5200] <... rseq resumed>) = 0 [pid 5200] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5200] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5200] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5199] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5200] <... open resumed>) = 4 [pid 5200] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] <... write resumed>) = 262144 [pid 5198] <... futex resumed>) = 0 [pid 5200] <... futex resumed>) = 1 [pid 5198] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5200] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5199] munmap(0x7f81b2d7d000, 262144 [pid 5198] <... futex resumed>) = 0 [pid 5200] <... mount resumed>) = 0 [ 56.336874][ T5196] loop0: detected capacity change from 0 to 512 [ 56.355153][ T5196] EXT4-fs warning (device loop0): read_mmp_block:115: Error -117 while reading MMP block 8 [pid 5199] <... munmap resumed>) = 0 [pid 5198] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5200] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5200] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5198] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5198] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5200] <... futex resumed>) = 0 [pid 5199] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5198] <... futex resumed>) = 1 [pid 5200] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5198] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5200] <... open resumed>) = 6 [pid 5199] <... openat resumed>) = 5 [pid 5200] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] ioctl(5, LOOP_SET_FD, 3 [pid 5200] <... futex resumed>) = 1 [pid 5198] <... futex resumed>) = 0 [pid 5198] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5200] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5198] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5199] <... ioctl resumed>) = 0 [pid 5199] close(3) = 0 [pid 5199] mkdir("./file1", 0777) = 0 [pid 5199] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5200] <... write resumed>) = -1 EIO (Input/output error) [pid 5200] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5198] <... futex resumed>) = 0 [pid 5200] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5199] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5199] ioctl(5, LOOP_CLR_FD) = 0 [pid 5199] close(5) = 0 [pid 5199] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5198] exit_group(0 [pid 5199] <... futex resumed>) = ? [pid 5200] <... futex resumed>) = ? [pid 5199] +++ exited with 0 +++ [pid 5200] +++ exited with 0 +++ [pid 5198] <... exit_group resumed>) = ? [pid 5198] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5198, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/bus") = 0 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 umount2("./42/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 56.419713][ T5199] loop0: detected capacity change from 0 to 512 [ 56.429292][ T5200] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 56.439634][ T5200] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 56.453579][ T5199] EXT4-fs (loop0): VFS: Can't find ext4 filesystem ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5201 attached , child_tidptr=0x555556eda690) = 5201 [pid 5201] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5201] chdir("./43") = 0 [pid 5201] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5201] setpgid(0, 0) = 0 [pid 5201] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5201] write(3, "1000", 4) = 4 [pid 5201] close(3) = 0 [pid 5201] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5201] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5201] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5201] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5201] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5201] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5201] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0} => {parent_tid=[5202]}, 88) = 5202 ./strace-static-x86_64: Process 5202 attached [pid 5202] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5201] rt_sigprocmask(SIG_SETMASK, [], [pid 5202] <... rseq resumed>) = 0 [pid 5202] set_robust_list(0x7f81bb1be9a0, 24 [pid 5201] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5202] <... set_robust_list resumed>) = 0 [pid 5201] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5201] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5202] rt_sigprocmask(SIG_SETMASK, [], [pid 5201] <... mprotect resumed>) = 0 [pid 5201] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5201] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} [pid 5202] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5201] <... clone3 resumed> => {parent_tid=[5203]}, 88) = 5203 [pid 5201] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5203 attached [pid 5202] memfd_create("syzkaller", 0 [pid 5201] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5203] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5201] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5203] <... rseq resumed>) = 0 [pid 5202] <... memfd_create resumed>) = 3 [pid 5203] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5202] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5203] rt_sigprocmask(SIG_SETMASK, [], [pid 5202] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5203] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5203] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5203] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5201] <... futex resumed>) = 0 [pid 5203] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5201] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5202] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5201] <... futex resumed>) = 0 [pid 5203] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5201] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5203] <... mount resumed>) = 0 [pid 5202] <... write resumed>) = 262144 [pid 5202] munmap(0x7f81b2d7d000, 262144 [pid 5203] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5201] <... futex resumed>) = 0 [pid 5203] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5201] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] <... munmap resumed>) = 0 [pid 5202] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5203] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5202] <... openat resumed>) = 5 [pid 5201] <... futex resumed>) = 0 [pid 5203] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5201] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] ioctl(5, LOOP_SET_FD, 3 [pid 5203] <... open resumed>) = 6 [pid 5203] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5201] <... futex resumed>) = 0 [pid 5203] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5201] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5201] <... futex resumed>) = 0 [pid 5201] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] <... ioctl resumed>) = 0 [pid 5202] close(3) = 0 [pid 5202] mkdir("./file1", 0777) = 0 [pid 5202] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5203] <... write resumed>) = 262144 [pid 5203] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] <... futex resumed>) = 0 [pid 5203] <... futex resumed>) = 1 [pid 5203] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5202] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5202] ioctl(5, LOOP_CLR_FD) = 0 [pid 5202] close(5) = 0 [pid 5202] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5202] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5201] exit_group(0 [pid 5203] <... futex resumed>) = ? [pid 5201] <... exit_group resumed>) = ? [pid 5203] +++ exited with 0 +++ [pid 5202] <... futex resumed>) = ? [pid 5202] +++ exited with 0 +++ [pid 5201] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5201, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/bus") = 0 umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 umount2("./43/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5204 attached , child_tidptr=0x555556eda690) = 5204 [pid 5204] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5204] chdir("./44") = 0 [pid 5204] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5204] setpgid(0, 0) = 0 [pid 5204] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5204] write(3, "1000", 4) = 4 [pid 5204] close(3) = 0 [pid 5204] symlink("/dev/binderfs", "./binderfs") = 0 [ 56.541145][ T5202] loop0: detected capacity change from 0 to 512 [ 56.553830][ T5202] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5204] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5204] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5204] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5204] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5204] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5204] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5204] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5205 attached => {parent_tid=[5205]}, 88) = 5205 [pid 5204] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5205] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5205] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5205] rt_sigprocmask(SIG_SETMASK, [], [pid 5204] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5205] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5204] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5204] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5205] memfd_create("syzkaller", 0 [pid 5204] <... mmap resumed>) = 0x7f81bb17d000 [pid 5204] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5204] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5205] <... memfd_create resumed>) = 3 [pid 5204] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5205] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5204] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5206 attached [pid 5206] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5204] <... clone3 resumed> => {parent_tid=[5206]}, 88) = 5206 [pid 5206] <... rseq resumed>) = 0 [pid 5204] rt_sigprocmask(SIG_SETMASK, [], [pid 5206] set_robust_list(0x7f81bb19d9a0, 24 [pid 5204] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5206] <... set_robust_list resumed>) = 0 [pid 5206] rt_sigprocmask(SIG_SETMASK, [], [pid 5204] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5206] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5204] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5206] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5205] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5206] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5204] <... futex resumed>) = 0 [pid 5206] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5204] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5206] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5204] <... futex resumed>) = 0 [pid 5206] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5204] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5206] <... mount resumed>) = 0 [pid 5206] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5205] <... write resumed>) = 262144 [pid 5204] <... futex resumed>) = 0 [pid 5206] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5205] munmap(0x7f81b2d7d000, 262144 [pid 5204] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5206] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5204] <... futex resumed>) = 0 [pid 5206] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5204] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5206] <... open resumed>) = 5 [pid 5206] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] <... munmap resumed>) = 0 [pid 5206] <... futex resumed>) = 1 [pid 5204] <... futex resumed>) = 0 [pid 5206] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5204] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5206] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5204] <... futex resumed>) = 0 [pid 5206] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5204] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5206] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5205] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5206] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] <... openat resumed>) = 6 [pid 5206] <... futex resumed>) = 1 [pid 5204] <... futex resumed>) = 0 [pid 5206] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5205] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5205] close(3) = 0 [pid 5205] mkdir("./file1", 0777) = 0 [pid 5205] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5205] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5205] chdir("./file1") = 0 [pid 5205] ioctl(6, LOOP_CLR_FD) = 0 [pid 5205] close(6) = 0 [pid 5205] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5205] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5204] exit_group(0) = ? [pid 5206] <... futex resumed>) = ? [pid 5205] <... futex resumed>) = ? [pid 5206] +++ exited with 0 +++ [pid 5205] +++ exited with 0 +++ [pid 5204] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5204, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/bus") = 0 umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 [ 56.623853][ T5205] loop0: detected capacity change from 0 to 512 [ 56.638313][ T5205] EXT4-fs (loop0): 1 orphan inode deleted [ 56.644059][ T5205] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 56.656592][ T5205] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/44/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./44/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5209 attached , child_tidptr=0x555556eda690) = 5209 [pid 5209] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5209] chdir("./45") = 0 [pid 5209] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5209] setpgid(0, 0) = 0 [pid 5209] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5209] write(3, "1000", 4) = 4 [pid 5209] close(3) = 0 [pid 5209] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5209] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5209] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5209] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5209] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5209] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5209] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5210 attached [pid 5210] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5210] set_robust_list(0x7f81bb1be9a0, 24 [pid 5209] <... clone3 resumed> => {parent_tid=[5210]}, 88) = 5210 [pid 5210] <... set_robust_list resumed>) = 0 [pid 5209] rt_sigprocmask(SIG_SETMASK, [], [pid 5210] rt_sigprocmask(SIG_SETMASK, [], [pid 5209] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5210] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5209] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5210] memfd_create("syzkaller", 0 [pid 5209] <... futex resumed>) = 0 [ 56.680471][ T5024] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5209] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5209] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5209] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5209] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5211]}, 88) = 5211 [pid 5209] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5209] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5211 attached [pid 5211] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5211] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5211] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5211] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 3 [pid 5210] <... memfd_create resumed>) = 4 [pid 5211] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5211] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5210] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5210] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5210] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5210] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5210] ioctl(5, LOOP_SET_FD, 4 [pid 5209] <... futex resumed>) = 0 [pid 5209] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5209] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5211] <... futex resumed>) = 0 [pid 5211] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5211] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5209] <... futex resumed>) = 0 [pid 5209] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5211] <... futex resumed>) = 1 [pid 5211] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5211] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5209] <... futex resumed>) = 0 [pid 5209] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5211] <... futex resumed>) = 1 [pid 5211] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5210] <... ioctl resumed>) = 0 [pid 5210] close(4) = 0 [pid 5210] mkdir("./file1", 0777) = 0 [pid 5210] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5211] <... write resumed>) = 262144 [pid 5211] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5209] <... futex resumed>) = 0 [ 56.721543][ T5210] __do_sys_memfd_create: 35 callbacks suppressed [ 56.721558][ T5210] syz-executor212[5210]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 56.727349][ T28] kauditd_printk_skb: 35 callbacks suppressed [ 56.727361][ T28] audit: type=1800 audit(1693866687.471:47): pid=5211 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 56.751126][ T5210] loop0: detected capacity change from 0 to 512 [pid 5211] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5210] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5210] ioctl(5, LOOP_CLR_FD) = 0 [pid 5210] close(5) = 0 [pid 5210] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] exit_group(0 [pid 5210] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5209] <... exit_group resumed>) = ? [pid 5211] <... futex resumed>) = ? [pid 5211] +++ exited with 0 +++ [pid 5210] <... futex resumed>) = ? [pid 5210] +++ exited with 0 +++ [pid 5209] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5209, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/bus") = 0 umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 umount2("./45/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5212 attached , child_tidptr=0x555556eda690) = 5212 [pid 5212] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5212] chdir("./46") = 0 [pid 5212] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5212] setpgid(0, 0) = 0 [pid 5212] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5212] write(3, "1000", 4) = 4 [pid 5212] close(3) = 0 [pid 5212] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5212] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5212] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5212] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [ 56.782680][ T5210] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5212] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5212] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5212] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5212] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5213 attached => {parent_tid=[5213]}, 88) = 5213 [pid 5212] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5212] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5213] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5213] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5212] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5212] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5213] rt_sigprocmask(SIG_SETMASK, [], [pid 5212] <... mmap resumed>) = 0x7f81bb17d000 [pid 5213] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5213] memfd_create("syzkaller", 0 [pid 5212] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5212] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5212] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5214 attached => {parent_tid=[5214]}, 88) = 5214 [pid 5214] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5212] rt_sigprocmask(SIG_SETMASK, [], [pid 5214] <... rseq resumed>) = 0 [pid 5212] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5214] set_robust_list(0x7f81bb19d9a0, 24 [pid 5212] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5214] <... set_robust_list resumed>) = 0 [pid 5212] <... futex resumed>) = 0 [pid 5214] rt_sigprocmask(SIG_SETMASK, [], [pid 5212] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5214] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5214] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 3 [pid 5213] <... memfd_create resumed>) = 4 [pid 5213] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5213] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5213] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5213] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5213] ioctl(5, LOOP_SET_FD, 4 [pid 5214] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5212] <... futex resumed>) = 0 [pid 5214] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5212] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5214] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5212] <... futex resumed>) = 0 [pid 5214] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5212] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5214] <... mount resumed>) = 0 [pid 5214] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5212] <... futex resumed>) = 0 [pid 5214] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5212] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5214] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5212] <... futex resumed>) = 0 [pid 5214] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5212] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5214] <... open resumed>) = 6 [pid 5214] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5212] <... futex resumed>) = 0 [pid 5214] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [ 56.849492][ T5213] syz-executor212[5213]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 56.853316][ T28] audit: type=1800 audit(1693866687.591:48): pid=5214 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 56.880727][ T5213] loop0: detected capacity change from 0 to 512 [ 56.887198][ T5214] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [pid 5212] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5214] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5212] <... futex resumed>) = 0 [pid 5214] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5212] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5213] <... ioctl resumed>) = 0 [pid 5213] close(4) = 0 [pid 5213] mkdir("./file1", 0777) = 0 [pid 5213] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5214] <... write resumed>) = -1 EIO (Input/output error) [pid 5214] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5212] <... futex resumed>) = 0 [pid 5214] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5213] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5213] ioctl(5, LOOP_CLR_FD) = 0 [pid 5213] close(5) = 0 [pid 5213] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5213] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5212] exit_group(0) = ? [pid 5214] <... futex resumed>) = ? [pid 5214] +++ exited with 0 +++ [pid 5213] <... futex resumed>) = ? [pid 5213] +++ exited with 0 +++ [pid 5212] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5212, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/bus") = 0 umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 umount2("./46/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5215 attached , child_tidptr=0x555556eda690) = 5215 [pid 5215] set_robust_list(0x555556eda6a0, 24) = 0 [ 56.887225][ T5214] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 56.887254][ T5214] I/O error, dev loop0, sector 240 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 56.914991][ T5214] Buffer I/O error on dev loop0, logical block 30, lost async page write [ 56.927461][ T5213] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5215] chdir("./47") = 0 [pid 5215] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5215] setpgid(0, 0) = 0 [pid 5215] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5215] write(3, "1000", 4) = 4 [pid 5215] close(3) = 0 [pid 5215] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5215] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5215] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5215] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5215] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5215] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5215] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0} => {parent_tid=[5216]}, 88) = 5216 ./strace-static-x86_64: Process 5216 attached [pid 5216] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5215] rt_sigprocmask(SIG_SETMASK, [], [pid 5216] <... rseq resumed>) = 0 [pid 5215] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5216] set_robust_list(0x7f81bb1be9a0, 24 [pid 5215] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5216] <... set_robust_list resumed>) = 0 [pid 5215] <... futex resumed>) = 0 [pid 5215] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5215] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5215] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5216] rt_sigprocmask(SIG_SETMASK, [], [pid 5215] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5216] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5215] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} [pid 5216] memfd_create("syzkaller", 0./strace-static-x86_64: Process 5217 attached [pid 5217] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5215] <... clone3 resumed> => {parent_tid=[5217]}, 88) = 5217 [pid 5217] <... rseq resumed>) = 0 [pid 5215] rt_sigprocmask(SIG_SETMASK, [], [pid 5217] set_robust_list(0x7f81bb19d9a0, 24 [pid 5215] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5217] <... set_robust_list resumed>) = 0 [pid 5215] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5217] rt_sigprocmask(SIG_SETMASK, [], [pid 5215] <... futex resumed>) = 0 [pid 5217] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5215] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5217] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 3 [pid 5217] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] <... futex resumed>) = 0 [pid 5217] <... futex resumed>) = 1 [pid 5215] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5217] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5215] <... futex resumed>) = 0 [pid 5217] <... mount resumed>) = 0 [pid 5215] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5217] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] <... futex resumed>) = 0 [pid 5215] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5217] <... futex resumed>) = 1 [pid 5217] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 4 [pid 5217] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5215] <... futex resumed>) = 0 [pid 5217] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5215] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5217] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5215] <... futex resumed>) = 0 [pid 5217] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5215] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5217] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5217] <... futex resumed>) = 0 [pid 5217] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5216] <... memfd_create resumed>) = 5 [pid 5216] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5216] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5216] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5216] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5216] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 5216] close(5) = 0 [pid 5216] mkdir("./file1", 0777) = 0 [ 56.999120][ T5216] syz-executor212[5216]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 57.009128][ T28] audit: type=1800 audit(1693866687.741:49): pid=5217 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 57.021959][ T5216] loop0: detected capacity change from 0 to 512 [pid 5216] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5216] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 5 [pid 5216] chdir("./file1") = 0 [pid 5216] ioctl(6, LOOP_CLR_FD) = 0 [pid 5216] close(6) = 0 [pid 5216] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] exit_group(0 [pid 5216] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5217] <... futex resumed>) = ? [pid 5216] <... futex resumed>) = ? [pid 5215] <... exit_group resumed>) = ? [pid 5217] +++ exited with 0 +++ [pid 5216] +++ exited with 0 +++ [pid 5215] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5215, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/bus") = 0 umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 [ 57.047532][ T5216] EXT4-fs (loop0): 1 orphan inode deleted [ 57.053304][ T5216] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 57.066026][ T5216] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/47/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./47/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./47/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5220 attached , child_tidptr=0x555556eda690) = 5220 [pid 5220] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5220] chdir("./48") = 0 [pid 5220] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5220] setpgid(0, 0) = 0 [pid 5220] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5220] write(3, "1000", 4) = 4 [pid 5220] close(3) = 0 [pid 5220] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5220] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5220] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5220] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5220] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5220] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5220] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5220] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5221 attached [pid 5221] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5220] <... clone3 resumed> => {parent_tid=[5221]}, 88) = 5221 [pid 5221] set_robust_list(0x7f81bb1be9a0, 24 [pid 5220] rt_sigprocmask(SIG_SETMASK, [], [pid 5221] <... set_robust_list resumed>) = 0 [pid 5220] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5221] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5220] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5221] memfd_create("syzkaller", 0 [pid 5220] <... futex resumed>) = 0 [pid 5220] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 57.091784][ T5024] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5220] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5220] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5221] <... memfd_create resumed>) = 3 [pid 5220] <... mprotect resumed>) = 0 [pid 5221] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5220] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5221] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5220] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5222 attached [pid 5221] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5222] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5220] <... clone3 resumed> => {parent_tid=[5222]}, 88) = 5222 [pid 5222] <... rseq resumed>) = 0 [pid 5220] rt_sigprocmask(SIG_SETMASK, [], [pid 5222] set_robust_list(0x7f81bb19d9a0, 24 [pid 5220] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5222] <... set_robust_list resumed>) = 0 [pid 5220] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5222] rt_sigprocmask(SIG_SETMASK, [], [pid 5220] <... futex resumed>) = 0 [pid 5222] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5220] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5222] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5221] <... write resumed>) = 262144 [pid 5222] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5222] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5220] <... futex resumed>) = 0 [pid 5222] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5220] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5222] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5220] <... futex resumed>) = 0 [pid 5222] <... mount resumed>) = 0 [pid 5220] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5222] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] <... futex resumed>) = 0 [pid 5220] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5220] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5222] <... futex resumed>) = 1 [pid 5222] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5222] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] <... futex resumed>) = 0 [pid 5220] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5222] <... futex resumed>) = 1 [pid 5220] <... futex resumed>) = 0 [pid 5222] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5220] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5222] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5222] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5222] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5220] <... futex resumed>) = 0 [pid 5221] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5221] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5221] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5221] close(3) = 0 [pid 5221] mkdir("./file1", 0777) = 0 [ 57.130767][ T5221] syz-executor212[5221]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 57.147937][ T28] audit: type=1800 audit(1693866687.891:50): pid=5222 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 57.169730][ T5221] loop0: detected capacity change from 0 to 512 [pid 5221] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5221] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5221] chdir("./file1") = 0 [pid 5221] ioctl(6, LOOP_CLR_FD) = 0 [pid 5221] close(6) = 0 [pid 5221] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5220] exit_group(0) = ? [pid 5221] +++ exited with 0 +++ [pid 5222] <... futex resumed>) = ? [pid 5222] +++ exited with 0 +++ [pid 5220] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5220, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/bus") = 0 umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 [ 57.187835][ T5221] EXT4-fs (loop0): 1 orphan inode deleted [ 57.193773][ T5221] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 57.206704][ T5221] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/48/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./48/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5225 attached , child_tidptr=0x555556eda690) = 5225 [pid 5225] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5225] chdir("./49") = 0 [pid 5225] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5225] setpgid(0, 0) = 0 [pid 5225] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5225] write(3, "1000", 4) = 4 [pid 5225] close(3) = 0 [pid 5225] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5225] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5225] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5225] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5225] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5225] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5225] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5225] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5226 attached [pid 5226] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5225] <... clone3 resumed> => {parent_tid=[5226]}, 88) = 5226 [pid 5226] <... rseq resumed>) = 0 [pid 5225] rt_sigprocmask(SIG_SETMASK, [], [pid 5226] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5225] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5226] rt_sigprocmask(SIG_SETMASK, [], [pid 5225] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5225] <... futex resumed>) = 0 [pid 5226] memfd_create("syzkaller", 0 [pid 5225] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5225] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5225] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5225] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5225] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5227]}, 88) = 5227 [pid 5225] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 57.238481][ T5024] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5225] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5225] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5227 attached [pid 5227] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5227] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5227] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5227] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 3 [pid 5227] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] <... memfd_create resumed>) = 4 [pid 5227] <... futex resumed>) = 1 [pid 5225] <... futex resumed>) = 0 [pid 5225] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5225] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5227] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5226] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5227] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5225] <... futex resumed>) = 0 [pid 5227] <... futex resumed>) = 1 [pid 5225] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5227] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5226] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5225] <... futex resumed>) = 0 [pid 5227] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5225] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5227] <... futex resumed>) = 0 [pid 5225] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5227] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5225] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5227] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5225] <... futex resumed>) = 0 [pid 5227] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5225] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5227] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5227] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5225] <... futex resumed>) = 0 [pid 5227] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5226] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5226] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5226] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5226] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 5226] close(4) = 0 [pid 5226] mkdir("./file1", 0777) = 0 [ 57.288168][ T5226] syz-executor212[5226]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 57.294569][ T28] audit: type=1800 audit(1693866688.031:51): pid=5227 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 57.325576][ T5226] loop0: detected capacity change from 0 to 512 [pid 5226] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5226] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5226] chdir("./file1") = 0 [pid 5226] ioctl(6, LOOP_CLR_FD) = 0 [pid 5226] close(6) = 0 [pid 5226] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5226] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5225] exit_group(0 [pid 5227] <... futex resumed>) = ? [pid 5226] <... futex resumed>) = ? [pid 5225] <... exit_group resumed>) = ? [pid 5226] +++ exited with 0 +++ [pid 5227] +++ exited with 0 +++ [pid 5225] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5225, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/bus") = 0 umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 [ 57.348422][ T5226] EXT4-fs (loop0): 1 orphan inode deleted [ 57.354385][ T5226] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 57.367332][ T5226] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/49/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./49/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./49/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5231 attached , child_tidptr=0x555556eda690) = 5231 [pid 5231] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5231] chdir("./50") = 0 [pid 5231] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5231] setpgid(0, 0) = 0 [pid 5231] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5231] write(3, "1000", 4) = 4 [pid 5231] close(3) = 0 [pid 5231] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5231] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5231] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5231] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5231] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5231] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5231] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5231] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5232 attached [pid 5232] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5231] <... clone3 resumed> => {parent_tid=[5232]}, 88) = 5232 [pid 5232] <... rseq resumed>) = 0 [pid 5231] rt_sigprocmask(SIG_SETMASK, [], [pid 5232] set_robust_list(0x7f81bb1be9a0, 24 [pid 5231] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5232] <... set_robust_list resumed>) = 0 [pid 5231] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5232] rt_sigprocmask(SIG_SETMASK, [], [pid 5231] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5232] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 57.396570][ T5024] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5232] memfd_create("syzkaller", 0 [pid 5231] <... futex resumed>) = 0 [pid 5231] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5231] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5231] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5231] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5233]}, 88) = 5233 [pid 5231] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5231] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5231] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5233 attached [pid 5233] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5233] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5233] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5232] <... memfd_create resumed>) = 3 [pid 5232] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5233] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5232] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5233] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5233] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5231] <... futex resumed>) = 0 [pid 5231] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] <... futex resumed>) = 0 [pid 5233] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5232] <... write resumed>) = 262144 [pid 5233] <... mount resumed>) = 0 [pid 5232] munmap(0x7f81b2d7d000, 262144 [pid 5231] <... futex resumed>) = 1 [pid 5231] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5233] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5231] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5233] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5231] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5231] <... futex resumed>) = 0 [pid 5233] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5231] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5233] <... open resumed>) = 5 [pid 5233] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5231] <... futex resumed>) = 0 [pid 5233] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5231] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5231] <... futex resumed>) = 0 [pid 5233] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5231] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5233] <... futex resumed>) = 0 [pid 5231] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5233] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5232] <... munmap resumed>) = 0 [pid 5232] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5232] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5232] close(3) = 0 [pid 5232] mkdir("./file1", 0777) = 0 [ 57.446891][ T5232] syz-executor212[5232]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 57.460818][ T28] audit: type=1800 audit(1693866688.201:52): pid=5233 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 57.485428][ T5232] loop0: detected capacity change from 0 to 512 [pid 5232] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5232] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5232] chdir("./file1") = 0 [pid 5232] ioctl(6, LOOP_CLR_FD) = 0 [pid 5232] close(6) = 0 [pid 5232] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5231] exit_group(0 [pid 5233] <... futex resumed>) = ? [pid 5231] <... exit_group resumed>) = ? [pid 5233] +++ exited with 0 +++ [pid 5232] <... futex resumed>) = ? [pid 5232] +++ exited with 0 +++ [pid 5231] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5231, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/bus") = 0 umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 57.498099][ T5232] EXT4-fs (loop0): 1 orphan inode deleted [ 57.503855][ T5232] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 57.516405][ T5232] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/50/file1 supports timestamps until 2038-01-19 (0x7fffffff) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 umount2("./50/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./50/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 57.541922][ T5024] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5236 attached , child_tidptr=0x555556eda690) = 5236 [pid 5236] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5236] chdir("./51") = 0 [pid 5236] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5236] setpgid(0, 0) = 0 [pid 5236] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5236] write(3, "1000", 4) = 4 [pid 5236] close(3) = 0 [pid 5236] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5236] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5236] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5236] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5236] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5236] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5236] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5236] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5237 attached => {parent_tid=[5237]}, 88) = 5237 [pid 5237] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5236] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5236] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5236] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5236] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5237] <... rseq resumed>) = 0 [pid 5236] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5237] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5237] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5236] <... mprotect resumed>) = 0 [pid 5236] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5237] memfd_create("syzkaller", 0 [pid 5236] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5238]}, 88) = 5238 [pid 5236] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5236] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5236] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5238 attached [pid 5238] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5238] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5238] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5238] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 3 [pid 5237] <... memfd_create resumed>) = 4 [pid 5237] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5237] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5238] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5236] <... futex resumed>) = 0 [pid 5238] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5236] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5236] <... futex resumed>) = 0 [pid 5238] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5236] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5238] <... mount resumed>) = 0 [pid 5238] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5236] <... futex resumed>) = 0 [pid 5238] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5236] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5236] <... futex resumed>) = 0 [pid 5238] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5236] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5238] <... open resumed>) = 5 [pid 5238] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5236] <... futex resumed>) = 0 [pid 5238] <... futex resumed>) = 1 [pid 5238] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5236] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5236] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5238] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5236] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5238] <... futex resumed>) = 0 [pid 5238] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5237] <... write resumed>) = 262144 [pid 5237] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5237] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5237] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 5237] close(4) = 0 [pid 5237] mkdir("./file1", 0777) = 0 [ 57.597622][ T5237] syz-executor212[5237]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 57.600091][ T28] audit: type=1800 audit(1693866688.341:53): pid=5238 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 57.632098][ T5237] loop0: detected capacity change from 0 to 512 [pid 5237] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5237] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5237] chdir("./file1") = 0 [pid 5237] ioctl(6, LOOP_CLR_FD) = 0 [pid 5237] close(6) = 0 [pid 5237] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5237] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5236] exit_group(0 [pid 5238] <... futex resumed>) = ? [pid 5236] <... exit_group resumed>) = ? [pid 5237] <... futex resumed>) = ? [pid 5238] +++ exited with 0 +++ [pid 5237] +++ exited with 0 +++ [pid 5236] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5236, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./51/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./51/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/bus") = 0 umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 [ 57.648234][ T5237] EXT4-fs (loop0): 1 orphan inode deleted [ 57.654150][ T5237] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 57.667059][ T5237] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/51/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./51/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./51/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5241 ./strace-static-x86_64: Process 5241 attached [pid 5241] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5241] chdir("./52") = 0 [pid 5241] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5241] setpgid(0, 0) = 0 [pid 5241] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5241] write(3, "1000", 4) = 4 [pid 5241] close(3) = 0 [pid 5241] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5241] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5241] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5241] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5241] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5241] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5241] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5242 attached [pid 5242] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5241] <... clone3 resumed> => {parent_tid=[5242]}, 88) = 5242 [pid 5242] <... rseq resumed>) = 0 [pid 5241] rt_sigprocmask(SIG_SETMASK, [], [pid 5242] set_robust_list(0x7f81bb1be9a0, 24 [pid 5241] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5242] <... set_robust_list resumed>) = 0 [pid 5241] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5242] rt_sigprocmask(SIG_SETMASK, [], [pid 5241] <... futex resumed>) = 0 [pid 5242] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5241] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5242] memfd_create("syzkaller", 0 [pid 5241] <... futex resumed>) = 0 [pid 5241] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5242] <... memfd_create resumed>) = 3 [pid 5242] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5241] <... mmap resumed>) = 0x7f81bb17d000 [pid 5242] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5241] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5242] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5241] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5241] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5243 attached [pid 5243] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5241] <... clone3 resumed> => {parent_tid=[5243]}, 88) = 5243 [pid 5243] <... rseq resumed>) = 0 [pid 5241] rt_sigprocmask(SIG_SETMASK, [], [pid 5243] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5241] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5243] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5241] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [ 57.697689][ T5024] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 57.731892][ T5242] syz-executor212[5242]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [pid 5243] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5241] <... futex resumed>) = 0 [pid 5243] <... open resumed>) = 4 [pid 5241] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5243] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5243] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5242] <... write resumed>) = 262144 [pid 5242] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5242] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5242] ioctl(5, LOOP_SET_FD, 3 [pid 5241] <... futex resumed>) = 0 [pid 5241] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5241] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5243] <... futex resumed>) = 0 [pid 5243] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5243] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] <... futex resumed>) = 0 [pid 5241] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5243] <... futex resumed>) = 1 [pid 5243] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5242] <... ioctl resumed>) = 0 [pid 5242] close(3) = 0 [pid 5242] mkdir("./file1", 0777) = 0 [pid 5242] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5243] <... open resumed>) = 3 [pid 5243] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] <... futex resumed>) = 0 [pid 5241] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5243] <... futex resumed>) = 1 [pid 5243] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 5242] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5243] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5241] <... futex resumed>) = 0 [pid 5243] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5242] ioctl(5, LOOP_CLR_FD) = 0 [pid 5242] close(5) = 0 [pid 5242] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5242] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5241] exit_group(0) = ? [pid 5243] <... futex resumed>) = ? [pid 5242] <... futex resumed>) = ? [pid 5243] +++ exited with 0 +++ [pid 5242] +++ exited with 0 +++ [pid 5241] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5241, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./52/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./52/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/bus") = 0 umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 umount2("./52/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5244 attached , child_tidptr=0x555556eda690) = 5244 [pid 5244] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5244] chdir("./53") = 0 [pid 5244] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5244] setpgid(0, 0) = 0 [pid 5244] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5244] write(3, "1000", 4) = 4 [pid 5244] close(3) = 0 [pid 5244] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5244] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5244] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5244] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5244] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5244] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5244] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5244] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0} => {parent_tid=[5245]}, 88) = 5245 [pid 5244] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5245 attached NULL, 8) = 0 [pid 5244] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5244] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5244] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5244] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5244] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5245] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5245] set_robust_list(0x7f81bb1be9a0, 24 [pid 5244] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} [pid 5245] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 5246 attached [pid 5245] rt_sigprocmask(SIG_SETMASK, [], [pid 5246] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5245] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5246] <... rseq resumed>) = 0 [ 57.747579][ T28] audit: type=1800 audit(1693866688.491:54): pid=5243 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 57.757290][ T5242] loop0: detected capacity change from 0 to 512 [ 57.777363][ T5242] EXT4-fs (loop0): Magic mismatch, very weird! [pid 5246] set_robust_list(0x7f81bb19d9a0, 24 [pid 5245] memfd_create("syzkaller", 0 [pid 5244] <... clone3 resumed> => {parent_tid=[5246]}, 88) = 5246 [pid 5244] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5244] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5244] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5246] <... set_robust_list resumed>) = 0 [pid 5245] <... memfd_create resumed>) = 3 [pid 5246] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5245] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5246] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5245] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5246] <... open resumed>) = 4 [pid 5246] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5244] <... futex resumed>) = 0 [pid 5244] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5244] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5246] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5245] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5246] <... mount resumed>) = 0 [pid 5246] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] <... write resumed>) = 262144 [pid 5246] <... futex resumed>) = 1 [pid 5244] <... futex resumed>) = 0 [pid 5245] munmap(0x7f81b2d7d000, 262144 [pid 5246] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5244] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5246] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5244] <... futex resumed>) = 0 [pid 5244] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5246] <... open resumed>) = 5 [pid 5246] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5244] <... futex resumed>) = 0 [pid 5246] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5244] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5246] <... futex resumed>) = 0 [pid 5244] <... futex resumed>) = 1 [pid 5246] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5245] <... munmap resumed>) = 0 [pid 5244] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5246] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5245] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5246] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5246] <... futex resumed>) = 0 [pid 5246] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5245] <... openat resumed>) = 6 [pid 5245] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5245] close(3) = 0 [pid 5245] mkdir("./file1", 0777) = 0 [ 57.822670][ T5245] syz-executor212[5245]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 57.837473][ T28] audit: type=1800 audit(1693866688.581:55): pid=5246 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 57.862968][ T5245] loop0: detected capacity change from 0 to 512 [pid 5245] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5245] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5245] chdir("./file1") = 0 [pid 5245] ioctl(6, LOOP_CLR_FD) = 0 [pid 5245] close(6) = 0 [pid 5245] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5244] exit_group(0 [pid 5246] <... futex resumed>) = ? [pid 5246] +++ exited with 0 +++ [pid 5245] <... futex resumed>) = ? [pid 5244] <... exit_group resumed>) = ? [pid 5245] +++ exited with 0 +++ [pid 5244] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5244, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./53/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./53/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/bus") = 0 umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 [ 57.877619][ T5245] EXT4-fs (loop0): 1 orphan inode deleted [ 57.883378][ T5245] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 57.896263][ T5245] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/53/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./53/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./53/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5249 attached [pid 5249] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5249] chdir("./54" [pid 5024] <... clone resumed>, child_tidptr=0x555556eda690) = 5249 [pid 5249] <... chdir resumed>) = 0 [pid 5249] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5249] setpgid(0, 0) = 0 [pid 5249] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5249] write(3, "1000", 4) = 4 [pid 5249] close(3) = 0 [pid 5249] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5249] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5249] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5249] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5249] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5249] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5249] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5249] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5250 attached => {parent_tid=[5250]}, 88) = 5250 [pid 5250] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5249] rt_sigprocmask(SIG_SETMASK, [], [pid 5250] <... rseq resumed>) = 0 [pid 5249] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5249] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5250] set_robust_list(0x7f81bb1be9a0, 24 [pid 5249] <... futex resumed>) = 0 [pid 5250] <... set_robust_list resumed>) = 0 [pid 5249] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5250] rt_sigprocmask(SIG_SETMASK, [], [pid 5249] <... futex resumed>) = 0 [pid 5250] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5249] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5250] memfd_create("syzkaller", 0 [pid 5249] <... mmap resumed>) = 0x7f81bb17d000 [pid 5249] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5249] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5250] <... memfd_create resumed>) = 3 [pid 5249] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} [pid 5250] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 5251 attached ) = 0x7f81b2d7d000 [pid 5251] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5249] <... clone3 resumed> => {parent_tid=[5251]}, 88) = 5251 [pid 5251] <... rseq resumed>) = 0 [pid 5250] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5249] rt_sigprocmask(SIG_SETMASK, [], [pid 5251] set_robust_list(0x7f81bb19d9a0, 24 [pid 5249] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5251] <... set_robust_list resumed>) = 0 [pid 5249] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] rt_sigprocmask(SIG_SETMASK, [], [pid 5249] <... futex resumed>) = 0 [pid 5251] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5249] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5251] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5250] <... write resumed>) = 262144 [pid 5250] munmap(0x7f81b2d7d000, 262144) = 0 [ 57.925162][ T5024] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 57.967645][ T5250] syz-executor212[5250]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [pid 5251] <... open resumed>) = 4 [pid 5250] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5250] ioctl(5, LOOP_SET_FD, 3 [pid 5251] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5250] <... ioctl resumed>) = 0 [pid 5249] <... futex resumed>) = 0 [pid 5251] <... futex resumed>) = 1 [pid 5251] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5249] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5250] close(3) = 0 [pid 5251] <... mount resumed>) = 0 [pid 5249] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5250] mkdir("./file1", 0777 [pid 5251] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5250] <... mkdir resumed>) = 0 [pid 5250] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5251] <... futex resumed>) = 1 [pid 5249] <... futex resumed>) = 0 [pid 5251] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5249] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] <... open resumed>) = 3 [pid 5249] <... futex resumed>) = 0 [pid 5251] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5249] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5251] <... futex resumed>) = 0 [pid 5249] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5251] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5249] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5249] <... futex resumed>) = 0 [pid 5251] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5249] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5251] <... write resumed>) = 262144 [pid 5251] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5251] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5249] <... futex resumed>) = 0 [ 57.984549][ T28] audit: type=1800 audit(1693866688.721:56): pid=5251 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 58.005261][ T5250] loop0: detected capacity change from 0 to 512 [pid 5250] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5250] ioctl(5, LOOP_CLR_FD) = 0 [pid 5250] close(5) = 0 [pid 5250] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5250] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5249] exit_group(0) = ? [pid 5250] <... futex resumed>) = ? [pid 5250] +++ exited with 0 +++ [pid 5251] <... futex resumed>) = ? [pid 5251] +++ exited with 0 +++ [pid 5249] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5249, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./54/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./54/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/bus") = 0 umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 umount2("./54/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file1") = 0 [ 58.025672][ T5250] EXT4-fs warning (device loop0): read_mmp_block:115: Error -117 while reading MMP block 8 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5252 attached , child_tidptr=0x555556eda690) = 5252 [pid 5252] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5252] chdir("./55") = 0 [pid 5252] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5252] setpgid(0, 0) = 0 [pid 5252] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5252] write(3, "1000", 4) = 4 [pid 5252] close(3) = 0 [pid 5252] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5252] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5252] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5252] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5252] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5252] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5252] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5252] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5253 attached [pid 5253] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5252] <... clone3 resumed> => {parent_tid=[5253]}, 88) = 5253 [pid 5253] <... rseq resumed>) = 0 [pid 5252] rt_sigprocmask(SIG_SETMASK, [], [pid 5253] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5253] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5253] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5252] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5252] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5253] <... futex resumed>) = 0 [pid 5252] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5253] memfd_create("syzkaller", 0 [pid 5252] <... futex resumed>) = 0 [pid 5252] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5253] <... memfd_create resumed>) = 3 [pid 5252] <... mmap resumed>) = 0x7f81bb17d000 [pid 5253] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5252] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5253] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5252] <... mprotect resumed>) = 0 [pid 5252] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5252] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} [pid 5253] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5252] <... clone3 resumed> => {parent_tid=[5254]}, 88) = 5254 [pid 5252] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5252] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5252] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5254 attached [pid 5254] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5254] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5254] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5254] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5253] <... write resumed>) = 262144 [pid 5254] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5253] munmap(0x7f81b2d7d000, 262144 [pid 5254] <... futex resumed>) = 1 [pid 5252] <... futex resumed>) = 0 [pid 5252] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5254] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5253] <... munmap resumed>) = 0 [pid 5252] <... futex resumed>) = 0 [pid 5254] <... mount resumed>) = 0 [pid 5253] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5252] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5254] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5252] <... futex resumed>) = 0 [pid 5254] <... futex resumed>) = 1 [pid 5252] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5253] <... openat resumed>) = 5 [pid 5254] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5252] <... futex resumed>) = 0 [pid 5254] <... open resumed>) = 6 [pid 5253] ioctl(5, LOOP_SET_FD, 3 [pid 5252] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5254] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5252] <... futex resumed>) = 0 [pid 5254] <... futex resumed>) = 1 [pid 5252] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5254] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5252] <... futex resumed>) = 0 [pid 5253] <... ioctl resumed>) = 0 [pid 5252] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5253] close(3) = 0 [pid 5253] mkdir("./file1", 0777) = 0 [pid 5253] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5254] <... write resumed>) = -1 EIO (Input/output error) [pid 5254] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5252] <... futex resumed>) = 0 [pid 5254] <... futex resumed>) = 1 [pid 5254] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5253] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5253] ioctl(5, LOOP_CLR_FD) = 0 [pid 5253] close(5) = 0 [pid 5253] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5252] exit_group(0) = ? [pid 5253] <... futex resumed>) = ? [pid 5254] <... futex resumed>) = ? [pid 5254] +++ exited with 0 +++ [pid 5253] +++ exited with 0 +++ [pid 5252] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5252, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./55/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./55/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/bus") = 0 umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 umount2("./55/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5255 ./strace-static-x86_64: Process 5255 attached [pid 5255] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5255] chdir("./56") = 0 [pid 5255] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5255] setpgid(0, 0) = 0 [pid 5255] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5255] write(3, "1000", 4) = 4 [pid 5255] close(3) = 0 [pid 5255] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5255] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5255] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5255] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [ 58.106777][ T5253] loop0: detected capacity change from 0 to 512 [ 58.110599][ T5254] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 58.123325][ T5254] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 58.136371][ T5253] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5255] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5255] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5255] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5256 attached => {parent_tid=[5256]}, 88) = 5256 [pid 5256] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5255] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5255] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5255] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5256] <... rseq resumed>) = 0 [pid 5256] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5256] rt_sigprocmask(SIG_SETMASK, [], [pid 5255] <... mprotect resumed>) = 0 [pid 5256] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5255] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5255] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} [pid 5256] memfd_create("syzkaller", 0./strace-static-x86_64: Process 5257 attached [pid 5255] <... clone3 resumed> => {parent_tid=[5257]}, 88) = 5257 [pid 5255] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5255] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5257] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5255] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5257] set_robust_list(0x7f81bb19d9a0, 24 [pid 5256] <... memfd_create resumed>) = 3 [pid 5257] <... set_robust_list resumed>) = 0 [pid 5256] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5257] rt_sigprocmask(SIG_SETMASK, [], [pid 5256] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5257] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5257] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5256] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5257] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5257] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5255] <... futex resumed>) = 0 [pid 5256] <... write resumed>) = 262144 [pid 5256] munmap(0x7f81b2d7d000, 262144 [pid 5255] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... futex resumed>) = 0 [pid 5255] <... futex resumed>) = 1 [pid 5257] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5255] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5257] <... mount resumed>) = 0 [pid 5256] <... munmap resumed>) = 0 [pid 5256] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5257] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5256] <... openat resumed>) = 5 [pid 5256] ioctl(5, LOOP_SET_FD, 3 [pid 5255] <... futex resumed>) = 0 [pid 5257] <... futex resumed>) = 1 [pid 5255] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5257] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5255] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5257] <... open resumed>) = 6 [pid 5257] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5255] <... futex resumed>) = 0 [pid 5257] <... futex resumed>) = 1 [pid 5257] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5255] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5256] <... ioctl resumed>) = 0 [pid 5255] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5256] close(3) = 0 [pid 5256] mkdir("./file1", 0777) = 0 [pid 5256] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5257] <... write resumed>) = -1 EIO (Input/output error) [pid 5257] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5255] <... futex resumed>) = 0 [pid 5257] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5256] ioctl(5, LOOP_CLR_FD) = 0 [pid 5256] close(5) = 0 [pid 5256] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] exit_group(0 [pid 5256] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5255] <... exit_group resumed>) = ? [pid 5257] <... futex resumed>) = ? [pid 5256] +++ exited with 0 +++ [pid 5257] +++ exited with 0 +++ [pid 5255] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5255, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./56/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./56/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/bus") = 0 umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 umount2("./56/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5258 attached [pid 5258] set_robust_list(0x555556eda6a0, 24) = 0 [ 58.197553][ T5256] loop0: detected capacity change from 0 to 512 [ 58.202766][ T5257] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 58.214937][ T5257] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 58.227967][ T5256] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5024] <... clone resumed>, child_tidptr=0x555556eda690) = 5258 [pid 5258] chdir("./57") = 0 [pid 5258] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5258] setpgid(0, 0) = 0 [pid 5258] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5258] write(3, "1000", 4) = 4 [pid 5258] close(3) = 0 [pid 5258] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5258] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5258] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5258] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5258] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5258] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5258] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5258] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5259 attached => {parent_tid=[5259]}, 88) = 5259 [pid 5259] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5259] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5259] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5259] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5258] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5258] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5258] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] <... futex resumed>) = 0 [pid 5258] <... futex resumed>) = 0 [pid 5258] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5258] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5259] memfd_create("syzkaller", 0 [pid 5258] <... mprotect resumed>) = 0 [pid 5258] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5259] <... memfd_create resumed>) = 3 [pid 5259] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5258] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5258] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5260 attached => {parent_tid=[5260]}, 88) = 5260 [pid 5260] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5260] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5258] rt_sigprocmask(SIG_SETMASK, [], [pid 5260] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5258] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5258] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5260] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5258] <... futex resumed>) = 0 [pid 5258] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5260] <... open resumed>) = 4 [pid 5259] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5260] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5258] <... futex resumed>) = 0 [pid 5260] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5258] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5260] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5258] <... futex resumed>) = 0 [pid 5260] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5258] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5260] <... mount resumed>) = 0 [pid 5260] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5258] <... futex resumed>) = 0 [pid 5260] <... futex resumed>) = 1 [pid 5260] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5258] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5260] <... open resumed>) = 5 [pid 5259] <... write resumed>) = 262144 [pid 5258] <... futex resumed>) = 0 [pid 5259] munmap(0x7f81b2d7d000, 262144 [pid 5260] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] <... munmap resumed>) = 0 [pid 5258] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5259] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5260] <... futex resumed>) = 0 [pid 5258] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5258] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5260] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5258] <... futex resumed>) = 0 [pid 5260] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5258] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5260] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5258] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5260] <... futex resumed>) = 0 [pid 5260] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5259] <... openat resumed>) = 6 [pid 5259] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5259] close(3) = 0 [pid 5259] mkdir("./file1", 0777) = 0 [ 58.299206][ T5259] loop0: detected capacity change from 0 to 512 [ 58.318352][ T5259] EXT4-fs (loop0): 1 orphan inode deleted [ 58.324215][ T5259] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 58.337293][ T5259] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/57/file1 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5259] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5259] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5259] chdir("./file1") = 0 [pid 5259] ioctl(6, LOOP_CLR_FD) = 0 [pid 5259] close(6) = 0 [pid 5259] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5259] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5258] exit_group(0 [pid 5260] <... futex resumed>) = ? [pid 5259] <... futex resumed>) = ? [pid 5258] <... exit_group resumed>) = ? [pid 5259] +++ exited with 0 +++ [pid 5260] +++ exited with 0 +++ [pid 5258] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5258, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./57/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./57/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/bus") = 0 umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 umount2("./57/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./57/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5263 ./strace-static-x86_64: Process 5263 attached [pid 5263] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5263] chdir("./58") = 0 [pid 5263] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5263] setpgid(0, 0) = 0 [pid 5263] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5263] write(3, "1000", 4) = 4 [pid 5263] close(3) = 0 [pid 5263] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5263] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5263] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5263] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5263] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5263] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5263] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0} => {parent_tid=[5264]}, 88) = 5264 [pid 5263] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5263] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5263] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 5264 attached [pid 5264] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5264] set_robust_list(0x7f81bb1be9a0, 24 [pid 5263] <... mprotect resumed>) = 0 [pid 5264] <... set_robust_list resumed>) = 0 [pid 5264] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5263] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5264] memfd_create("syzkaller", 0 [pid 5263] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} [pid 5264] <... memfd_create resumed>) = 3 [pid 5264] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 ./strace-static-x86_64: Process 5265 attached [pid 5263] <... clone3 resumed> => {parent_tid=[5265]}, 88) = 5265 [pid 5265] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5263] rt_sigprocmask(SIG_SETMASK, [], [pid 5265] set_robust_list(0x7f81bb19d9a0, 24 [pid 5263] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5265] <... set_robust_list resumed>) = 0 [pid 5263] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5265] rt_sigprocmask(SIG_SETMASK, [], [pid 5263] <... futex resumed>) = 0 [pid 5265] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5263] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5265] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5265] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] <... futex resumed>) = 0 [pid 5263] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5265] <... futex resumed>) = 1 [pid 5265] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5265] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] <... futex resumed>) = 0 [pid 5263] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5264] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5265] <... futex resumed>) = 1 [pid 5265] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5265] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5263] <... futex resumed>) = 0 [pid 5265] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5263] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5265] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5263] <... futex resumed>) = 0 [pid 5263] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5265] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5265] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] <... futex resumed>) = 0 [pid 5265] <... futex resumed>) = 1 [pid 5265] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5264] <... write resumed>) = 262144 [pid 5264] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5264] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 58.367956][ T5024] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5264] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5264] close(3) = 0 [pid 5264] mkdir("./file1", 0777) = 0 [pid 5264] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5264] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5264] chdir("./file1") = 0 [pid 5264] ioctl(6, LOOP_CLR_FD) = 0 [pid 5264] close(6) = 0 [pid 5264] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5264] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5263] exit_group(0) = ? [pid 5265] <... futex resumed>) = ? [pid 5264] <... futex resumed>) = ? [pid 5264] +++ exited with 0 +++ [pid 5265] +++ exited with 0 +++ [pid 5263] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5263, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./58/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./58/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/bus") = 0 umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 [ 58.419125][ T5264] loop0: detected capacity change from 0 to 512 [ 58.438127][ T5264] EXT4-fs (loop0): 1 orphan inode deleted [ 58.443941][ T5264] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 58.457148][ T5264] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/58/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./58/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./58/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./58/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5268 attached , child_tidptr=0x555556eda690) = 5268 [pid 5268] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5268] chdir("./59") = 0 [pid 5268] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5268] setpgid(0, 0) = 0 [pid 5268] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5268] write(3, "1000", 4) = 4 [pid 5268] close(3) = 0 [pid 5268] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5268] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5268] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5268] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5268] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5268] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5268] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5268] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5269 attached [pid 5269] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5268] <... clone3 resumed> => {parent_tid=[5269]}, 88) = 5269 [pid 5269] <... rseq resumed>) = 0 [pid 5268] rt_sigprocmask(SIG_SETMASK, [], [pid 5269] set_robust_list(0x7f81bb1be9a0, 24 [pid 5268] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5269] <... set_robust_list resumed>) = 0 [pid 5268] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] rt_sigprocmask(SIG_SETMASK, [], [pid 5268] <... futex resumed>) = 0 [pid 5269] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5268] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] memfd_create("syzkaller", 0 [pid 5268] <... futex resumed>) = 0 [pid 5269] <... memfd_create resumed>) = 3 [pid 5268] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5269] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5268] <... mmap resumed>) = 0x7f81bb17d000 [pid 5268] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5269] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5268] <... mprotect resumed>) = 0 [pid 5268] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5268] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5270 attached => {parent_tid=[5270]}, 88) = 5270 [pid 5270] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5268] rt_sigprocmask(SIG_SETMASK, [], [pid 5270] <... rseq resumed>) = 0 [pid 5269] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5268] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5270] set_robust_list(0x7f81bb19d9a0, 24 [pid 5268] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5270] <... set_robust_list resumed>) = 0 [pid 5270] rt_sigprocmask(SIG_SETMASK, [], [pid 5268] <... futex resumed>) = 0 [pid 5270] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5268] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5270] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5269] <... write resumed>) = 262144 [pid 5269] munmap(0x7f81b2d7d000, 262144 [pid 5270] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] <... munmap resumed>) = 0 [pid 5268] <... futex resumed>) = 0 [pid 5268] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5268] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5270] <... futex resumed>) = 1 [pid 5270] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5269] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5270] <... mount resumed>) = 0 [ 58.490103][ T5024] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5270] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] <... openat resumed>) = 5 [pid 5268] <... futex resumed>) = 0 [pid 5269] ioctl(5, LOOP_SET_FD, 3 [pid 5268] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5270] <... futex resumed>) = 1 [pid 5270] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5268] <... futex resumed>) = 0 [pid 5268] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5270] <... open resumed>) = 6 [pid 5270] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] <... futex resumed>) = 0 [pid 5268] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5268] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5270] <... futex resumed>) = 1 [pid 5270] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5269] <... ioctl resumed>) = 0 [pid 5269] close(3) = 0 [pid 5269] mkdir("./file1", 0777) = 0 [pid 5269] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5270] <... write resumed>) = -1 EIO (Input/output error) [pid 5270] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5270] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5268] <... futex resumed>) = 0 [pid 5269] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5269] ioctl(5, LOOP_CLR_FD) = 0 [pid 5269] close(5) = 0 [pid 5269] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] exit_group(0) = ? [pid 5269] <... futex resumed>) = ? [pid 5269] +++ exited with 0 +++ [pid 5270] <... futex resumed>) = ? [pid 5270] +++ exited with 0 +++ [pid 5268] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5268, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./59/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./59/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/bus") = 0 umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 umount2("./59/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5271 ./strace-static-x86_64: Process 5271 attached [pid 5271] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5271] chdir("./60") = 0 [pid 5271] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5271] setpgid(0, 0) = 0 [pid 5271] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5271] write(3, "1000", 4) = 4 [pid 5271] close(3) = 0 [pid 5271] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5271] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5271] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5271] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5271] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5271] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5271] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 58.534045][ T5269] loop0: detected capacity change from 0 to 512 [ 58.539197][ T5270] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 58.550724][ T5270] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 58.563476][ T5269] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5271] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5272 attached [pid 5272] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5271] <... clone3 resumed> => {parent_tid=[5272]}, 88) = 5272 [pid 5272] <... rseq resumed>) = 0 [pid 5271] rt_sigprocmask(SIG_SETMASK, [], [pid 5272] set_robust_list(0x7f81bb1be9a0, 24 [pid 5271] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5271] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5272] <... set_robust_list resumed>) = 0 [pid 5272] rt_sigprocmask(SIG_SETMASK, [], [pid 5271] <... futex resumed>) = 0 [pid 5271] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5272] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5271] <... futex resumed>) = 0 [pid 5272] memfd_create("syzkaller", 0 [pid 5271] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5272] <... memfd_create resumed>) = 3 [pid 5271] <... mmap resumed>) = 0x7f81bb17d000 [pid 5272] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5271] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5272] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5271] <... mprotect resumed>) = 0 [pid 5271] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5271] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5273 attached [pid 5272] <... write resumed>) = 262144 [pid 5271] <... clone3 resumed> => {parent_tid=[5273]}, 88) = 5273 [pid 5273] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5271] rt_sigprocmask(SIG_SETMASK, [], [pid 5273] <... rseq resumed>) = 0 [pid 5271] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5272] munmap(0x7f81b2d7d000, 262144 [pid 5271] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5273] set_robust_list(0x7f81bb19d9a0, 24 [pid 5271] <... futex resumed>) = 0 [pid 5273] <... set_robust_list resumed>) = 0 [pid 5273] rt_sigprocmask(SIG_SETMASK, [], [pid 5271] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5273] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5273] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5272] <... munmap resumed>) = 0 [pid 5272] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5273] <... open resumed>) = 5 [pid 5272] <... openat resumed>) = 4 [pid 5273] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5271] <... futex resumed>) = 0 [pid 5272] ioctl(4, LOOP_SET_FD, 3 [pid 5271] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5273] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5271] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5273] <... mount resumed>) = 0 [pid 5273] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5273] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5271] <... futex resumed>) = 0 [pid 5271] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5273] <... futex resumed>) = 0 [pid 5273] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5273] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5273] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5271] <... futex resumed>) = 1 [pid 5271] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5271] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5273] <... futex resumed>) = 0 [pid 5273] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5271] <... futex resumed>) = 1 [pid 5271] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5272] <... ioctl resumed>) = 0 [pid 5272] close(3) = 0 [pid 5272] mkdir("./file1", 0777) = 0 [pid 5272] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5273] <... write resumed>) = 262144 [pid 5273] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5271] <... futex resumed>) = 0 [pid 5273] <... futex resumed>) = 1 [pid 5273] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5272] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5272] ioctl(4, LOOP_CLR_FD) = 0 [pid 5272] close(4) = 0 [pid 5272] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5271] exit_group(0 [pid 5273] <... futex resumed>) = ? [pid 5272] <... futex resumed>) = ? [pid 5273] +++ exited with 0 +++ [pid 5272] +++ exited with 0 +++ [pid 5271] <... exit_group resumed>) = ? [pid 5271] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5271, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./60/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./60/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/bus") = 0 umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 umount2("./60/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5274 ./strace-static-x86_64: Process 5274 attached [pid 5274] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5274] chdir("./61") = 0 [pid 5274] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5274] setpgid(0, 0) = 0 [pid 5274] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5274] write(3, "1000", 4) = 4 [pid 5274] close(3) = 0 [pid 5274] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5274] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5274] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5274] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5274] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5274] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5274] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5274] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5275 attached => {parent_tid=[5275]}, 88) = 5275 [pid 5274] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5274] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 58.630727][ T5272] loop0: detected capacity change from 0 to 512 [ 58.645741][ T5272] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5274] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5275] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5274] <... futex resumed>) = 0 [pid 5275] <... rseq resumed>) = 0 [pid 5274] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5275] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5275] rt_sigprocmask(SIG_SETMASK, [], [pid 5274] <... mmap resumed>) = 0x7f81bb17d000 [pid 5275] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5275] memfd_create("syzkaller", 0 [pid 5274] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5275] <... memfd_create resumed>) = 3 [pid 5275] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5274] <... mprotect resumed>) = 0 [pid 5274] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5274] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5276 attached => {parent_tid=[5276]}, 88) = 5276 [pid 5274] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5274] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5274] <... futex resumed>) = 0 [pid 5274] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5276] <... rseq resumed>) = 0 [pid 5275] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5276] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5276] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5276] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5276] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5274] <... futex resumed>) = 0 [pid 5276] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5274] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5276] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5274] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5275] <... write resumed>) = 262144 [pid 5275] munmap(0x7f81b2d7d000, 262144 [pid 5276] <... mount resumed>) = 0 [pid 5276] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5274] <... futex resumed>) = 0 [pid 5276] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5274] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5275] <... munmap resumed>) = 0 [pid 5274] <... futex resumed>) = 0 [pid 5275] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5274] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5276] <... open resumed>) = 6 [pid 5275] <... openat resumed>) = 5 [pid 5276] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5275] ioctl(5, LOOP_SET_FD, 3 [pid 5276] <... futex resumed>) = 1 [pid 5274] <... futex resumed>) = 0 [pid 5276] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5274] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5276] <... futex resumed>) = 0 [pid 5276] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5275] <... ioctl resumed>) = 0 [pid 5274] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5275] close(3) = 0 [pid 5275] mkdir("./file1", 0777) = 0 [pid 5275] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5276] <... write resumed>) = -1 EIO (Input/output error) [pid 5276] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5274] <... futex resumed>) = 0 [pid 5276] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5275] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5275] ioctl(5, LOOP_CLR_FD) = 0 [pid 5275] close(5) = 0 [pid 5275] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5274] exit_group(0 [pid 5275] <... futex resumed>) = ? [pid 5274] <... exit_group resumed>) = ? [pid 5275] +++ exited with 0 +++ [pid 5276] <... futex resumed>) = ? [pid 5276] +++ exited with 0 +++ [pid 5274] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5274, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./61/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./61/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/bus") = 0 umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 umount2("./61/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./61/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 58.708667][ T5275] loop0: detected capacity change from 0 to 512 [ 58.712830][ T5276] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 58.726346][ T5276] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 58.739908][ T5275] EXT4-fs (loop0): VFS: Can't find ext4 filesystem close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5277 attached , child_tidptr=0x555556eda690) = 5277 [pid 5277] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5277] chdir("./62") = 0 [pid 5277] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5277] setpgid(0, 0) = 0 [pid 5277] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5277] write(3, "1000", 4) = 4 [pid 5277] close(3) = 0 [pid 5277] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5277] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5277] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5277] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5277] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5277] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5277] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5277] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5278 attached [pid 5278] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5277] <... clone3 resumed> => {parent_tid=[5278]}, 88) = 5278 [pid 5278] <... rseq resumed>) = 0 [pid 5278] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5277] rt_sigprocmask(SIG_SETMASK, [], [pid 5278] rt_sigprocmask(SIG_SETMASK, [], [pid 5277] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5278] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5277] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5278] memfd_create("syzkaller", 0 [pid 5277] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] <... memfd_create resumed>) = 3 [pid 5278] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5277] <... futex resumed>) = 0 [pid 5277] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5278] <... mmap resumed>) = 0x7f81b2d9e000 [pid 5277] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5277] mprotect(0x7f81b2d7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5277] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5278] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5277] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5277] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81b2d9d990, parent_tid=0x7f81b2d9d990, exit_signal=0, stack=0x7f81b2d7d000, stack_size=0x20300, tls=0x7f81b2d9d6c0} => {parent_tid=[5279]}, 88) = 5279 [pid 5277] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5277] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5277] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5279 attached [pid 5279] rseq(0x7f81b2d9dfe0, 0x20, 0, 0x53053053) = 0 [pid 5278] <... write resumed>) = 262144 [pid 5279] set_robust_list(0x7f81b2d9d9a0, 24 [pid 5278] munmap(0x7f81b2d9e000, 262144 [pid 5279] <... set_robust_list resumed>) = 0 [pid 5279] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5278] <... munmap resumed>) = 0 [pid 5279] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5278] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5278] ioctl(5, LOOP_SET_FD, 3 [pid 5279] <... open resumed>) = 4 [pid 5279] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5277] <... futex resumed>) = 0 [pid 5277] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5277] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5279] <... futex resumed>) = 1 [pid 5279] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5279] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5277] <... futex resumed>) = 0 [pid 5279] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5277] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5279] <... open resumed>) = 6 [pid 5277] <... futex resumed>) = 0 [pid 5277] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5279] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5277] <... futex resumed>) = 0 [pid 5279] <... futex resumed>) = 1 [pid 5277] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5279] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5277] <... futex resumed>) = 0 [pid 5277] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5278] <... ioctl resumed>) = 0 [pid 5278] close(3) = 0 [pid 5278] mkdir("./file1", 0777) = 0 [pid 5278] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5279] <... write resumed>) = 262144 [pid 5279] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5277] <... futex resumed>) = 0 [pid 5279] <... futex resumed>) = 1 [pid 5279] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5278] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5278] ioctl(5, LOOP_CLR_FD) = 0 [pid 5278] close(5) = 0 [pid 5278] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5278] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5277] exit_group(0) = ? [pid 5278] <... futex resumed>) = ? [pid 5278] +++ exited with 0 +++ [pid 5279] <... futex resumed>) = ? [pid 5279] +++ exited with 0 +++ [pid 5277] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5277, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./62/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./62/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/bus") = 0 umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 umount2("./62/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./62/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5280 attached , child_tidptr=0x555556eda690) = 5280 [pid 5280] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5280] chdir("./63") = 0 [pid 5280] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5280] setpgid(0, 0) = 0 [pid 5280] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5280] write(3, "1000", 4) = 4 [pid 5280] close(3) = 0 [pid 5280] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5280] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5280] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5280] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5280] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5280] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5280] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 58.810216][ T5278] loop0: detected capacity change from 0 to 512 [ 58.823874][ T5278] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5280] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0} => {parent_tid=[5281]}, 88) = 5281 ./strace-static-x86_64: Process 5281 attached [pid 5281] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5281] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5281] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5280] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5281] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5280] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5281] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5280] <... futex resumed>) = 0 [pid 5281] memfd_create("syzkaller", 0 [pid 5280] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5280] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5281] <... memfd_create resumed>) = 3 [pid 5280] <... mmap resumed>) = 0x7f81bb17d000 [pid 5281] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5280] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5281] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5280] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5281] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5280] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5280] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5282 attached [pid 5282] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5280] <... clone3 resumed> => {parent_tid=[5282]}, 88) = 5282 [pid 5282] <... rseq resumed>) = 0 [pid 5280] rt_sigprocmask(SIG_SETMASK, [], [pid 5282] set_robust_list(0x7f81bb19d9a0, 24 [pid 5280] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5282] <... set_robust_list resumed>) = 0 [pid 5280] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5281] <... write resumed>) = 262144 [pid 5280] <... futex resumed>) = 0 [pid 5281] munmap(0x7f81b2d7d000, 262144 [pid 5282] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5280] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5281] <... munmap resumed>) = 0 [pid 5281] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5282] <... open resumed>) = 4 [pid 5281] <... openat resumed>) = 5 [pid 5281] ioctl(5, LOOP_SET_FD, 3 [pid 5282] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5281] <... ioctl resumed>) = 0 [pid 5281] close(3) = 0 [pid 5281] mkdir("./file1", 0777 [pid 5282] <... futex resumed>) = 1 [pid 5280] <... futex resumed>) = 0 [pid 5280] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5280] <... futex resumed>) = 0 [pid 5280] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5282] <... mount resumed>) = 0 [pid 5282] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5280] <... futex resumed>) = 0 [pid 5282] <... futex resumed>) = 1 [pid 5280] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5280] <... futex resumed>) = 0 [pid 5282] <... open resumed>) = 3 [pid 5280] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5281] <... mkdir resumed>) = 0 [pid 5281] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5282] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5280] <... futex resumed>) = 0 [pid 5282] <... futex resumed>) = 1 [pid 5280] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5280] <... futex resumed>) = 0 [pid 5280] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5282] <... write resumed>) = 262144 [pid 5282] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5280] <... futex resumed>) = 0 [pid 5282] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5281] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5281] ioctl(5, LOOP_CLR_FD) = 0 [pid 5281] close(5) = 0 [pid 5281] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5280] exit_group(0 [pid 5282] <... futex resumed>) = ? [pid 5281] <... futex resumed>) = ? [pid 5280] <... exit_group resumed>) = ? [pid 5282] +++ exited with 0 +++ [pid 5281] +++ exited with 0 +++ [pid 5280] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5280, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./63/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./63/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/bus") = 0 umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 umount2("./63/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./63/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5283 ./strace-static-x86_64: Process 5283 attached [ 58.883986][ T5281] loop0: detected capacity change from 0 to 512 [ 58.899138][ T5281] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5283] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5283] chdir("./64") = 0 [pid 5283] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5283] setpgid(0, 0) = 0 [pid 5283] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5283] write(3, "1000", 4) = 4 [pid 5283] close(3) = 0 [pid 5283] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5283] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5283] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5283] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5283] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5283] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5283] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5283] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5284 attached [pid 5284] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5284] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5284] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5284] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5283] <... clone3 resumed> => {parent_tid=[5284]}, 88) = 5284 [pid 5283] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5283] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] <... futex resumed>) = 0 [pid 5283] <... futex resumed>) = 1 [pid 5284] memfd_create("syzkaller", 0) = 3 [pid 5283] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5283] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5283] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5283] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5283] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5285 attached [pid 5284] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5285] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5284] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5285] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5285] rt_sigprocmask(SIG_SETMASK, [], [pid 5283] <... clone3 resumed> => {parent_tid=[5285]}, 88) = 5285 [pid 5285] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5285] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5283] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5283] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5285] <... futex resumed>) = 0 [pid 5283] <... futex resumed>) = 1 [pid 5285] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5283] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5284] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5285] <... open resumed>) = 4 [pid 5285] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5283] <... futex resumed>) = 0 [pid 5285] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5283] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5285] <... mount resumed>) = 0 [pid 5284] <... write resumed>) = 262144 [pid 5283] <... futex resumed>) = 0 [pid 5284] munmap(0x7f81b2d7d000, 262144 [pid 5283] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5285] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5283] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5285] <... futex resumed>) = 0 [pid 5283] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5285] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5284] <... munmap resumed>) = 0 [pid 5283] <... futex resumed>) = 0 [pid 5284] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5285] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] <... openat resumed>) = 6 [pid 5283] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5285] <... futex resumed>) = 0 [pid 5283] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5285] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5283] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] ioctl(6, LOOP_SET_FD, 3 [pid 5285] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5284] <... ioctl resumed>) = 0 [pid 5283] <... futex resumed>) = 0 [pid 5285] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5283] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5284] close(3) = 0 [pid 5284] mkdir("./file1", 0777) = 0 [pid 5284] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5285] <... write resumed>) = 262144 [pid 5285] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5283] <... futex resumed>) = 0 [pid 5285] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5284] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5284] ioctl(6, LOOP_CLR_FD) = 0 [pid 5284] close(6) = 0 [pid 5284] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5284] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5283] exit_group(0 [pid 5285] <... futex resumed>) = ? [pid 5284] <... futex resumed>) = ? [pid 5283] <... exit_group resumed>) = ? [pid 5285] +++ exited with 0 +++ [pid 5284] +++ exited with 0 +++ [pid 5283] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5283, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./64/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./64/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/bus") = 0 umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/binderfs") = 0 umount2("./64/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./64/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5286 attached , child_tidptr=0x555556eda690) = 5286 [pid 5286] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5286] chdir("./65") = 0 [pid 5286] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5286] setpgid(0, 0) = 0 [pid 5286] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5286] write(3, "1000", 4) = 4 [pid 5286] close(3) = 0 [pid 5286] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5286] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5286] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5286] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5286] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [ 58.965240][ T5284] loop0: detected capacity change from 0 to 512 [ 58.978698][ T5284] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5286] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5286] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5286] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5287 attached => {parent_tid=[5287]}, 88) = 5287 [pid 5287] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5287] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5287] rt_sigprocmask(SIG_SETMASK, [], [pid 5286] rt_sigprocmask(SIG_SETMASK, [], [pid 5287] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5287] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5286] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5286] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] <... futex resumed>) = 0 [pid 5286] <... futex resumed>) = 1 [pid 5287] memfd_create("syzkaller", 0 [pid 5286] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] <... memfd_create resumed>) = 3 [pid 5286] <... futex resumed>) = 0 [pid 5287] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d9e000 [pid 5286] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81b2d7d000 [pid 5286] mprotect(0x7f81b2d7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5286] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5286] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81b2d9d990, parent_tid=0x7f81b2d9d990, exit_signal=0, stack=0x7f81b2d7d000, stack_size=0x20300, tls=0x7f81b2d9d6c0}./strace-static-x86_64: Process 5288 attached [pid 5288] rseq(0x7f81b2d9dfe0, 0x20, 0, 0x53053053) = 0 [pid 5286] <... clone3 resumed> => {parent_tid=[5288]}, 88) = 5288 [pid 5288] set_robust_list(0x7f81b2d9d9a0, 24 [pid 5286] rt_sigprocmask(SIG_SETMASK, [], [pid 5288] <... set_robust_list resumed>) = 0 [pid 5288] rt_sigprocmask(SIG_SETMASK, [], [pid 5287] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5286] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5288] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5286] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5288] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5286] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5288] <... open resumed>) = 4 [pid 5287] <... write resumed>) = 262144 [pid 5287] munmap(0x7f81b2d9e000, 262144 [pid 5288] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5286] <... futex resumed>) = 0 [pid 5288] <... futex resumed>) = 1 [pid 5286] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5288] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5286] <... futex resumed>) = 0 [pid 5287] <... munmap resumed>) = 0 [pid 5286] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5287] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5288] <... mount resumed>) = 0 [pid 5287] ioctl(5, LOOP_SET_FD, 3 [pid 5288] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5286] <... futex resumed>) = 0 [pid 5288] <... futex resumed>) = 1 [pid 5286] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5288] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5286] <... futex resumed>) = 0 [pid 5286] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5287] <... ioctl resumed>) = 0 [pid 5287] close(3 [pid 5288] <... open resumed>) = 6 [pid 5287] <... close resumed>) = 0 [pid 5287] mkdir("./file1", 0777 [pid 5288] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5286] <... futex resumed>) = 0 [pid 5288] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5286] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5288] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5286] <... futex resumed>) = 0 [pid 5288] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5286] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5287] <... mkdir resumed>) = 0 [pid 5287] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5288] <... write resumed>) = 262144 [pid 5288] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5286] <... futex resumed>) = 0 [pid 5288] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5287] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5287] ioctl(5, LOOP_CLR_FD) = 0 [pid 5287] close(5) = 0 [pid 5287] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5286] exit_group(0) = ? [pid 5287] <... futex resumed>) = ? [pid 5287] +++ exited with 0 +++ [pid 5288] <... futex resumed>) = ? [pid 5288] +++ exited with 0 +++ [pid 5286] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5286, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./65/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./65/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/bus") = 0 umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/binderfs") = 0 umount2("./65/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./65/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5289 attached , child_tidptr=0x555556eda690) = 5289 [pid 5289] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5289] chdir("./66") = 0 [pid 5289] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5289] setpgid(0, 0) = 0 [pid 5289] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5289] write(3, "1000", 4) = 4 [ 59.043065][ T5287] loop0: detected capacity change from 0 to 512 [ 59.068904][ T5287] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5289] close(3) = 0 [pid 5289] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5289] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5289] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5289] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5289] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5289] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5289] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5289] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5290 attached [pid 5290] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5289] <... clone3 resumed> => {parent_tid=[5290]}, 88) = 5290 [pid 5290] <... rseq resumed>) = 0 [pid 5289] rt_sigprocmask(SIG_SETMASK, [], [pid 5290] set_robust_list(0x7f81bb1be9a0, 24 [pid 5289] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5290] <... set_robust_list resumed>) = 0 [pid 5289] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5290] rt_sigprocmask(SIG_SETMASK, [], [pid 5289] <... futex resumed>) = 0 [pid 5290] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5289] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5290] memfd_create("syzkaller", 0 [pid 5289] <... futex resumed>) = 0 [pid 5290] <... memfd_create resumed>) = 3 [pid 5289] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5290] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5289] <... mmap resumed>) = 0x7f81bb17d000 [pid 5290] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5289] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5289] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5289] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5291 attached [pid 5291] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5289] <... clone3 resumed> => {parent_tid=[5291]}, 88) = 5291 [pid 5291] <... rseq resumed>) = 0 [pid 5289] rt_sigprocmask(SIG_SETMASK, [], [pid 5291] set_robust_list(0x7f81bb19d9a0, 24 [pid 5289] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5291] <... set_robust_list resumed>) = 0 [pid 5289] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5291] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5289] <... futex resumed>) = 0 [pid 5291] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5289] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5291] <... open resumed>) = 4 [pid 5290] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5291] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5289] <... futex resumed>) = 0 [pid 5289] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5289] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5291] <... futex resumed>) = 1 [pid 5291] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5291] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5289] <... futex resumed>) = 0 [pid 5289] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5289] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5291] <... futex resumed>) = 1 [pid 5291] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5291] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5289] <... futex resumed>) = 0 [pid 5289] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5289] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5291] <... futex resumed>) = 1 [pid 5291] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5290] <... write resumed>) = 262144 [pid 5290] munmap(0x7f81b2d7d000, 262144 [pid 5291] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5289] <... futex resumed>) = 0 [pid 5291] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5290] <... munmap resumed>) = 0 [pid 5290] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5290] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5290] close(3) = 0 [pid 5290] mkdir("./file1", 0777) = 0 [pid 5290] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5290] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5290] chdir("./file1") = 0 [pid 5290] ioctl(6, LOOP_CLR_FD) = 0 [pid 5290] close(6) = 0 [pid 5290] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5290] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5289] exit_group(0) = ? [pid 5291] <... futex resumed>) = ? [pid 5290] <... futex resumed>) = ? [pid 5291] +++ exited with 0 +++ [pid 5290] +++ exited with 0 +++ [pid 5289] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5289, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./66/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 59.139220][ T5290] loop0: detected capacity change from 0 to 512 [ 59.158190][ T5290] EXT4-fs (loop0): 1 orphan inode deleted [ 59.163983][ T5290] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 59.177192][ T5290] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/66/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./66/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/bus") = 0 umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/binderfs") = 0 umount2("./66/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./66/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./66/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5294 attached [pid 5294] set_robust_list(0x555556eda6a0, 24 [pid 5024] <... clone resumed>, child_tidptr=0x555556eda690) = 5294 [pid 5294] <... set_robust_list resumed>) = 0 [pid 5294] chdir("./67") = 0 [pid 5294] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5294] setpgid(0, 0) = 0 [pid 5294] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5294] write(3, "1000", 4) = 4 [pid 5294] close(3) = 0 [pid 5294] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5294] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5294] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5294] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5294] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5294] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5294] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5294] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5295 attached [pid 5295] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5294] <... clone3 resumed> => {parent_tid=[5295]}, 88) = 5295 [pid 5295] <... rseq resumed>) = 0 [pid 5294] rt_sigprocmask(SIG_SETMASK, [], [pid 5295] set_robust_list(0x7f81bb1be9a0, 24 [pid 5294] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5295] <... set_robust_list resumed>) = 0 [pid 5294] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5295] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5294] <... futex resumed>) = 0 [pid 5295] memfd_create("syzkaller", 0 [pid 5294] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5294] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5295] <... memfd_create resumed>) = 3 [pid 5294] <... mmap resumed>) = 0x7f81bb17d000 [pid 5294] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5295] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5294] <... mprotect resumed>) = 0 [pid 5295] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5294] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5294] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5296 attached => {parent_tid=[5296]}, 88) = 5296 [pid 5294] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5294] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5294] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5296] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5296] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5296] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5296] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5296] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] <... futex resumed>) = 0 [pid 5294] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] <... futex resumed>) = 1 [pid 5294] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5296] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5295] <... write resumed>) = 262144 [pid 5295] munmap(0x7f81b2d7d000, 262144 [pid 5296] <... mount resumed>) = 0 [pid 5295] <... munmap resumed>) = 0 [pid 5295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5295] ioctl(5, LOOP_SET_FD, 3 [pid 5296] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5294] <... futex resumed>) = 0 [pid 5296] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [ 59.208684][ T5024] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5294] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5296] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5294] <... futex resumed>) = 0 [pid 5296] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5296] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5294] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5294] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5296] <... futex resumed>) = 0 [pid 5296] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5294] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5295] <... ioctl resumed>) = 0 [pid 5295] close(3) = 0 [pid 5295] mkdir("./file1", 0777) = 0 [pid 5295] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5296] <... write resumed>) = 262144 [pid 5296] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5294] <... futex resumed>) = 0 [pid 5296] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5295] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5295] ioctl(5, LOOP_CLR_FD) = 0 [pid 5295] close(5) = 0 [pid 5295] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5294] exit_group(0 [pid 5296] <... futex resumed>) = ? [pid 5294] <... exit_group resumed>) = ? [pid 5296] +++ exited with 0 +++ [pid 5295] +++ exited with 0 +++ [pid 5294] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5294, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./67/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./67/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/bus") = 0 umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/binderfs") = 0 umount2("./67/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./67/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file1") = 0 [ 59.250211][ T5295] loop0: detected capacity change from 0 to 512 [ 59.265747][ T5295] EXT4-fs (loop0): VFS: Can't find ext4 filesystem getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5297 ./strace-static-x86_64: Process 5297 attached [pid 5297] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5297] chdir("./68") = 0 [pid 5297] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5297] setpgid(0, 0) = 0 [pid 5297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5297] write(3, "1000", 4) = 4 [pid 5297] close(3) = 0 [pid 5297] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5297] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5297] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5297] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5297] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5297] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5297] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5297] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5298 attached => {parent_tid=[5298]}, 88) = 5298 [pid 5298] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5298] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5298] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5298] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5297] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5297] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5298] <... futex resumed>) = 0 [pid 5297] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5298] memfd_create("syzkaller", 0) = 3 [pid 5298] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d9e000 [pid 5297] <... futex resumed>) = 0 [pid 5297] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81b2d7d000 [pid 5297] mprotect(0x7f81b2d7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5298] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5297] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5297] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81b2d9d990, parent_tid=0x7f81b2d9d990, exit_signal=0, stack=0x7f81b2d7d000, stack_size=0x20300, tls=0x7f81b2d9d6c0} => {parent_tid=[5299]}, 88) = 5299 [pid 5297] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5299 attached NULL, 8) = 0 [pid 5299] rseq(0x7f81b2d9dfe0, 0x20, 0, 0x53053053) = 0 [pid 5299] set_robust_list(0x7f81b2d9d9a0, 24) = 0 [pid 5298] <... write resumed>) = 262144 [pid 5297] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] rt_sigprocmask(SIG_SETMASK, [], [pid 5298] munmap(0x7f81b2d9e000, 262144 [pid 5297] <... futex resumed>) = 0 [pid 5299] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5299] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5297] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5298] <... munmap resumed>) = 0 [pid 5299] <... open resumed>) = 4 [pid 5299] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5299] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5297] <... futex resumed>) = 0 [pid 5298] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5297] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] <... futex resumed>) = 0 [pid 5297] <... futex resumed>) = 1 [pid 5299] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5299] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5299] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5298] <... openat resumed>) = 5 [pid 5297] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5298] ioctl(5, LOOP_SET_FD, 3 [pid 5297] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5299] <... futex resumed>) = 0 [pid 5299] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5299] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5299] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5298] <... ioctl resumed>) = 0 [pid 5297] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5298] close(3 [pid 5297] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5298] <... close resumed>) = 0 [pid 5297] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] <... futex resumed>) = 0 [pid 5298] mkdir("./file1", 0777 [pid 5297] <... futex resumed>) = 1 [pid 5299] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5297] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5298] <... mkdir resumed>) = 0 [pid 5298] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5299] <... write resumed>) = 262144 [pid 5299] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] <... futex resumed>) = 0 [pid 5299] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5298] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5298] ioctl(5, LOOP_CLR_FD) = 0 [pid 5298] close(5) = 0 [pid 5298] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5298] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5297] exit_group(0 [pid 5299] <... futex resumed>) = ? [pid 5297] <... exit_group resumed>) = ? [pid 5299] +++ exited with 0 +++ [pid 5298] <... futex resumed>) = ? [pid 5298] +++ exited with 0 +++ [pid 5297] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5297, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./68/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./68/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/bus") = 0 umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/binderfs") = 0 umount2("./68/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./68/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 59.342449][ T5298] loop0: detected capacity change from 0 to 512 [ 59.358258][ T5298] EXT4-fs (loop0): VFS: Can't find ext4 filesystem ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5300 attached , child_tidptr=0x555556eda690) = 5300 [pid 5300] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5300] chdir("./69") = 0 [pid 5300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5300] setpgid(0, 0) = 0 [pid 5300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5300] write(3, "1000", 4) = 4 [pid 5300] close(3) = 0 [pid 5300] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5300] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5300] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5300] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5300] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5300] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5300] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5300] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5301 attached => {parent_tid=[5301]}, 88) = 5301 [pid 5301] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5301] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5301] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5301] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5300] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5300] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5301] <... futex resumed>) = 0 [pid 5301] memfd_create("syzkaller", 0 [pid 5300] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5301] <... memfd_create resumed>) = 3 [pid 5301] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d9e000 [pid 5300] <... futex resumed>) = 0 [pid 5300] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81b2d7d000 [pid 5300] mprotect(0x7f81b2d7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5300] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5300] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81b2d9d990, parent_tid=0x7f81b2d9d990, exit_signal=0, stack=0x7f81b2d7d000, stack_size=0x20300, tls=0x7f81b2d9d6c0}./strace-static-x86_64: Process 5302 attached => {parent_tid=[5302]}, 88) = 5302 [pid 5302] rseq(0x7f81b2d9dfe0, 0x20, 0, 0x53053053) = 0 [pid 5302] set_robust_list(0x7f81b2d9d9a0, 24) = 0 [pid 5302] rt_sigprocmask(SIG_SETMASK, [], [pid 5300] rt_sigprocmask(SIG_SETMASK, [], [pid 5302] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5302] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5300] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5300] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5302] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5302] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5300] <... futex resumed>) = 0 [pid 5301] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5302] <... open resumed>) = 4 [pid 5301] <... write resumed>) = 262144 [pid 5300] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5301] munmap(0x7f81b2d9e000, 262144) = 0 [pid 5301] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5301] ioctl(5, LOOP_SET_FD, 3 [pid 5302] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5300] <... futex resumed>) = 0 [pid 5302] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5300] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5302] <... mount resumed>) = 0 [pid 5300] <... futex resumed>) = 0 [pid 5300] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5302] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5300] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5302] <... futex resumed>) = 0 [pid 5300] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5302] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5300] <... futex resumed>) = 0 [pid 5302] <... open resumed>) = 6 [pid 5300] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5302] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5300] <... futex resumed>) = 0 [pid 5302] <... futex resumed>) = 1 [pid 5300] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5302] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5300] <... futex resumed>) = 0 [pid 5300] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5302] <... write resumed>) = 262144 [pid 5301] <... ioctl resumed>) = 0 [pid 5301] close(3) = 0 [pid 5301] mkdir("./file1", 0777 [pid 5302] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5300] <... futex resumed>) = 0 [pid 5302] <... futex resumed>) = 1 [pid 5302] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5301] <... mkdir resumed>) = 0 [pid 5301] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = -1 EINVAL (Invalid argument) [pid 5301] ioctl(5, LOOP_CLR_FD) = 0 [pid 5301] close(5) = 0 [pid 5301] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5301] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5300] exit_group(0 [pid 5302] <... futex resumed>) = ? [pid 5301] <... futex resumed>) = ? [pid 5300] <... exit_group resumed>) = ? [pid 5302] +++ exited with 0 +++ [pid 5301] +++ exited with 0 +++ [pid 5300] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5300, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./69/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./69/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/bus") = 0 umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/binderfs") = 0 umount2("./69/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./69/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5303 attached , child_tidptr=0x555556eda690) = 5303 [pid 5303] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5303] chdir("./70") = 0 [pid 5303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5303] setpgid(0, 0) = 0 [pid 5303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5303] write(3, "1000", 4) = 4 [pid 5303] close(3) = 0 [pid 5303] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5303] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5303] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5303] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5303] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5303] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5303] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5303] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5304 attached => {parent_tid=[5304]}, 88) = 5304 [pid 5303] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5303] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5303] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5303] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5303] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5303] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5303] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5305 attached [pid 5304] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5305] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5303] <... clone3 resumed> => {parent_tid=[5305]}, 88) = 5305 [pid 5305] <... rseq resumed>) = 0 [pid 5304] <... rseq resumed>) = 0 [pid 5303] rt_sigprocmask(SIG_SETMASK, [], [pid 5305] set_robust_list(0x7f81bb19d9a0, 24 [pid 5304] set_robust_list(0x7f81bb1be9a0, 24 [pid 5303] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5304] <... set_robust_list resumed>) = 0 [pid 5303] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] rt_sigprocmask(SIG_SETMASK, [], [pid 5303] <... futex resumed>) = 0 [pid 5304] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5303] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5305] <... set_robust_list resumed>) = 0 [pid 5305] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5304] memfd_create("syzkaller", 0 [pid 5305] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5304] <... memfd_create resumed>) = 3 [pid 5304] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5305] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5303] <... futex resumed>) = 0 [pid 5304] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5303] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5303] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5305] <... futex resumed>) = 1 [pid 5305] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5305] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5303] <... futex resumed>) = 0 [pid 5303] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5303] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5305] <... futex resumed>) = 1 [pid 5305] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5305] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5303] <... futex resumed>) = 0 [pid 5303] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5303] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5305] <... futex resumed>) = 1 [pid 5305] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5305] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5303] <... futex resumed>) = 0 [pid 5305] <... futex resumed>) = 1 [pid 5305] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5304] <... write resumed>) = 262144 [pid 5304] munmap(0x7f81b2d7d000, 262144) = 0 [ 59.431210][ T5301] loop0: detected capacity change from 0 to 512 [ 59.455801][ T5301] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5304] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5304] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5304] close(3) = 0 [pid 5304] mkdir("./file1", 0777) = 0 [ 59.500357][ T5304] loop0: detected capacity change from 0 to 512 [ 59.522346][ T5304] EXT4-fs (loop0): 1 orphan inode deleted [ 59.528363][ T5304] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5304] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5304] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5304] chdir("./file1") = 0 [pid 5304] ioctl(6, LOOP_CLR_FD) = 0 [pid 5304] close(6) = 0 [pid 5304] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5304] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5303] exit_group(0 [pid 5304] <... futex resumed>) = ? [pid 5303] <... exit_group resumed>) = ? [pid 5304] +++ exited with 0 +++ [pid 5305] <... futex resumed>) = ? [pid 5305] +++ exited with 0 +++ [pid 5303] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5303, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./70/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./70/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/bus") = 0 umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/binderfs") = 0 [ 59.541183][ T5304] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/70/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./70/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./70/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./70/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5308 attached [pid 5308] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5308] chdir("./71") = 0 [pid 5308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5308] setpgid(0, 0) = 0 [pid 5308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5308] write(3, "1000", 4) = 4 [pid 5308] close(3) = 0 [pid 5308] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5308] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5308] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5308] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5308] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5308] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5308] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0} => {parent_tid=[5309]}, 88) = 5309 [pid 5308] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5308] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5308] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5308] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 ./strace-static-x86_64: Process 5309 attached [pid 5309] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5309] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5308] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5309] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5309] memfd_create("syzkaller", 0 [pid 5308] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5308] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5310]}, 88) = 5310 [pid 5309] <... memfd_create resumed>) = 3 [pid 5308] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5308] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5309] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5308] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5309] <... mmap resumed>) = 0x7f81b2d7d000 ./strace-static-x86_64: Process 5310 attached [pid 5024] <... clone resumed>, child_tidptr=0x555556eda690) = 5308 [pid 5310] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5310] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5310] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5310] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5310] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5310] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5309] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5308] <... futex resumed>) = 0 [pid 5308] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5310] <... futex resumed>) = 0 [pid 5310] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5308] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5310] <... mount resumed>) = 0 [pid 5310] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5308] <... futex resumed>) = 0 [pid 5310] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5308] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5310] <... futex resumed>) = 0 [pid 5308] <... futex resumed>) = 1 [pid 5310] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5308] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5310] <... open resumed>) = 5 [pid 5310] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5308] <... futex resumed>) = 0 [pid 5310] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5308] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5310] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5308] <... futex resumed>) = 0 [pid 5310] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5308] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5310] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5309] <... write resumed>) = 262144 [pid 5309] munmap(0x7f81b2d7d000, 262144) = 0 [ 59.571272][ T5024] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5309] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5309] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5309] close(3) = 0 [pid 5309] mkdir("./file1", 0777) = 0 [pid 5309] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5309] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5309] chdir("./file1") = 0 [pid 5309] ioctl(6, LOOP_CLR_FD) = 0 [pid 5309] close(6) = 0 [pid 5309] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] exit_group(0 [pid 5309] <... futex resumed>) = 0 [pid 5308] <... exit_group resumed>) = ? [pid 5310] <... futex resumed>) = ? [pid 5309] +++ exited with 0 +++ [pid 5310] +++ exited with 0 +++ [pid 5308] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5308, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./71/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./71/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/bus") = 0 umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 59.621661][ T5309] loop0: detected capacity change from 0 to 512 [ 59.638068][ T5309] EXT4-fs (loop0): 1 orphan inode deleted [ 59.644000][ T5309] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 59.656695][ T5309] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/71/file1 supports timestamps until 2038-01-19 (0x7fffffff) unlink("./71/binderfs") = 0 umount2("./71/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./71/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./71/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5313 attached [pid 5313] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5313] chdir("./72" [pid 5024] <... clone resumed>, child_tidptr=0x555556eda690) = 5313 [pid 5313] <... chdir resumed>) = 0 [pid 5313] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5313] setpgid(0, 0) = 0 [pid 5313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5313] write(3, "1000", 4) = 4 [pid 5313] close(3) = 0 [pid 5313] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5313] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5313] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5313] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5313] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5313] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5314 attached => {parent_tid=[5314]}, 88) = 5314 [pid 5314] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5313] rt_sigprocmask(SIG_SETMASK, [], [pid 5314] set_robust_list(0x7f81bb1be9a0, 24 [pid 5313] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5314] <... set_robust_list resumed>) = 0 [pid 5313] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5314] rt_sigprocmask(SIG_SETMASK, [], [pid 5313] <... futex resumed>) = 0 [pid 5314] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5313] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5314] memfd_create("syzkaller", 0 [pid 5313] <... futex resumed>) = 0 [pid 5313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5313] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5314] <... memfd_create resumed>) = 3 [pid 5313] <... mprotect resumed>) = 0 [pid 5314] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5313] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5313] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5315]}, 88) = 5315 [pid 5313] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5313] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5315 attached [pid 5314] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5315] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5315] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5315] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5315] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5314] <... write resumed>) = 262144 [pid 5314] munmap(0x7f81b2d7d000, 262144 [pid 5315] <... open resumed>) = 4 [pid 5315] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5313] <... futex resumed>) = 0 [pid 5313] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5314] <... munmap resumed>) = 0 [pid 5314] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5315] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5314] <... openat resumed>) = 5 [ 59.688940][ T5024] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5314] ioctl(5, LOOP_SET_FD, 3 [pid 5315] <... mount resumed>) = 0 [pid 5315] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5315] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5313] <... futex resumed>) = 0 [pid 5313] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5315] <... futex resumed>) = 0 [pid 5313] <... futex resumed>) = 1 [pid 5315] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5315] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5313] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5315] <... futex resumed>) = 0 [pid 5315] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5313] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5313] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5315] <... futex resumed>) = 0 [pid 5315] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5313] <... futex resumed>) = 1 [pid 5313] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5314] <... ioctl resumed>) = 0 [pid 5314] close(3) = 0 [pid 5314] mkdir("./file1", 0777) = 0 [pid 5314] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5315] <... write resumed>) = 262144 [pid 5315] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5315] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5313] <... futex resumed>) = 0 [pid 5314] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5314] ioctl(5, LOOP_CLR_FD) = 0 [pid 5314] close(5) = 0 [pid 5314] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5314] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5313] exit_group(0 [pid 5315] <... futex resumed>) = ? [pid 5315] +++ exited with 0 +++ [pid 5313] <... exit_group resumed>) = ? [pid 5314] <... futex resumed>) = ? [pid 5314] +++ exited with 0 +++ [pid 5313] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5313, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./72/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./72/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/bus") = 0 umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/binderfs") = 0 umount2("./72/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./72/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5316 attached , child_tidptr=0x555556eda690) = 5316 [pid 5316] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5316] chdir("./73") = 0 [pid 5316] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5316] setpgid(0, 0) = 0 [pid 5316] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5316] write(3, "1000", 4) = 4 [pid 5316] close(3) = 0 [pid 5316] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5316] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5316] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5316] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5316] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5316] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5316] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5316] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5317 attached => {parent_tid=[5317]}, 88) = 5317 [pid 5317] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5316] rt_sigprocmask(SIG_SETMASK, [], [pid 5317] set_robust_list(0x7f81bb1be9a0, 24 [pid 5316] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5317] <... set_robust_list resumed>) = 0 [pid 5316] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5316] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5317] rt_sigprocmask(SIG_SETMASK, [], [pid 5316] <... futex resumed>) = 0 [pid 5317] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5316] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5317] memfd_create("syzkaller", 0 [pid 5316] <... mmap resumed>) = 0x7f81bb17d000 [pid 5316] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5317] <... memfd_create resumed>) = 3 [pid 5316] <... mprotect resumed>) = 0 [pid 5317] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5316] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5316] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5318 attached [pid 5317] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5316] <... clone3 resumed> => {parent_tid=[5318]}, 88) = 5318 [pid 5316] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5316] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5316] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5318] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5318] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5318] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5318] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [ 59.730661][ T5314] loop0: detected capacity change from 0 to 512 [ 59.751281][ T5314] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5318] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5317] <... write resumed>) = 262144 [pid 5317] munmap(0x7f81b2d7d000, 262144 [pid 5318] <... futex resumed>) = 1 [pid 5316] <... futex resumed>) = 0 [pid 5316] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5318] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5316] <... futex resumed>) = 0 [pid 5316] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5318] <... mount resumed>) = 0 [pid 5317] <... munmap resumed>) = 0 [pid 5317] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5318] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5316] <... futex resumed>) = 0 [pid 5318] <... futex resumed>) = 1 [pid 5316] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5318] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5316] <... futex resumed>) = 0 [pid 5318] <... open resumed>) = 6 [pid 5317] <... openat resumed>) = 5 [pid 5316] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5317] ioctl(5, LOOP_SET_FD, 3 [pid 5318] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5316] <... futex resumed>) = 0 [pid 5316] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5318] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5316] <... futex resumed>) = 0 [pid 5317] <... ioctl resumed>) = 0 [pid 5316] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5317] close(3) = 0 [pid 5317] mkdir("./file1", 0777) = 0 [pid 5317] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5318] <... write resumed>) = -1 EIO (Input/output error) [pid 5318] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5316] <... futex resumed>) = 0 [pid 5318] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5317] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5317] ioctl(5, LOOP_CLR_FD) = 0 [pid 5317] close(5) = 0 [pid 5317] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5316] exit_group(0) = ? [pid 5317] <... futex resumed>) = ? [pid 5318] <... futex resumed>) = ? [pid 5318] +++ exited with 0 +++ [pid 5317] +++ exited with 0 +++ [pid 5316] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5316, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./73/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./73/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/bus") = 0 umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/binderfs") = 0 umount2("./73/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./73/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5319 attached , child_tidptr=0x555556eda690) = 5319 [pid 5319] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5319] chdir("./74") = 0 [pid 5319] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5319] setpgid(0, 0) = 0 [pid 5319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5319] write(3, "1000", 4) = 4 [pid 5319] close(3) = 0 [pid 5319] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5319] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5319] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5319] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5319] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5319] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5319] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5319] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5320 attached [pid 5320] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5319] <... clone3 resumed> => {parent_tid=[5320]}, 88) = 5320 [pid 5320] <... rseq resumed>) = 0 [pid 5319] rt_sigprocmask(SIG_SETMASK, [], [pid 5320] set_robust_list(0x7f81bb1be9a0, 24 [pid 5319] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5320] <... set_robust_list resumed>) = 0 [pid 5319] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5320] rt_sigprocmask(SIG_SETMASK, [], [pid 5319] <... futex resumed>) = 0 [pid 5320] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5319] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5320] memfd_create("syzkaller", 0 [pid 5319] <... futex resumed>) = 0 [pid 5319] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5320] <... memfd_create resumed>) = 3 [pid 5319] <... mmap resumed>) = 0x7f81bb17d000 [pid 5320] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5319] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5320] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5319] <... mprotect resumed>) = 0 [pid 5320] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5319] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5319] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5321 attached [pid 5321] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5319] <... clone3 resumed> => {parent_tid=[5321]}, 88) = 5321 [pid 5321] set_robust_list(0x7f81bb19d9a0, 24 [pid 5319] rt_sigprocmask(SIG_SETMASK, [], [pid 5321] <... set_robust_list resumed>) = 0 [pid 5321] rt_sigprocmask(SIG_SETMASK, [], [pid 5319] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5321] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5321] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [ 59.814244][ T5317] loop0: detected capacity change from 0 to 512 [ 59.819059][ T5318] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 59.830151][ T5318] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 59.841793][ T5317] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5319] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5321] <... open resumed>) = 4 [pid 5319] <... futex resumed>) = 0 [pid 5321] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5321] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5319] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5320] <... write resumed>) = 262144 [pid 5320] munmap(0x7f81b2d7d000, 262144 [pid 5319] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5321] <... futex resumed>) = 0 [pid 5319] <... futex resumed>) = 1 [pid 5321] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5319] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5321] <... mount resumed>) = 0 [pid 5321] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5319] <... futex resumed>) = 0 [pid 5319] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5319] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5321] <... futex resumed>) = 1 [pid 5321] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5320] <... munmap resumed>) = 0 [pid 5321] <... open resumed>) = 5 [pid 5320] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5321] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5319] <... futex resumed>) = 0 [pid 5321] <... futex resumed>) = 1 [pid 5319] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5321] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5319] <... futex resumed>) = 0 [pid 5321] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5320] <... openat resumed>) = 6 [pid 5319] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5321] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5320] ioctl(6, LOOP_SET_FD, 3 [pid 5319] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5321] <... futex resumed>) = 0 [pid 5321] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5320] <... ioctl resumed>) = 0 [pid 5320] close(3) = 0 [pid 5320] mkdir("./file1", 0777) = 0 [pid 5320] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5320] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5320] chdir("./file1") = 0 [pid 5320] ioctl(6, LOOP_CLR_FD) = 0 [pid 5320] close(6) = 0 [pid 5320] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5319] exit_group(0 [pid 5321] <... futex resumed>) = ? [pid 5319] <... exit_group resumed>) = ? [pid 5321] +++ exited with 0 +++ [pid 5320] +++ exited with 0 +++ [pid 5319] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5319, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./74/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./74/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/bus") = 0 umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/binderfs") = 0 umount2("./74/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./74/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./74/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5324 attached [pid 5324] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5324] chdir("./75") = 0 [pid 5324] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5324] setpgid(0, 0) = 0 [pid 5324] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5324] write(3, "1000", 4) = 4 [pid 5324] close(3) = 0 [pid 5324] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5324] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5324] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5324] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5324] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5324] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5324] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5324] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5325 attached => {parent_tid=[5325]}, 88) = 5325 [pid 5325] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5324] rt_sigprocmask(SIG_SETMASK, [], [pid 5325] <... rseq resumed>) = 0 [pid 5324] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5325] set_robust_list(0x7f81bb1be9a0, 24 [pid 5324] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5325] <... set_robust_list resumed>) = 0 [pid 5325] rt_sigprocmask(SIG_SETMASK, [], [pid 5324] <... futex resumed>) = 0 [pid 5325] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5324] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5325] memfd_create("syzkaller", 0 [pid 5324] <... futex resumed>) = 0 [pid 5324] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5325] <... memfd_create resumed>) = 3 [pid 5324] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5325] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5324] <... mprotect resumed>) = 0 [pid 5024] <... clone resumed>, child_tidptr=0x555556eda690) = 5324 [pid 5325] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5324] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5325] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5324] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5324] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5326]}, 88) = 5326 [pid 5324] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5324] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5324] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5326 attached [pid 5326] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5326] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5326] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5326] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5325] <... write resumed>) = 262144 [pid 5326] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5326] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5324] <... futex resumed>) = 0 [pid 5324] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5326] <... futex resumed>) = 0 [pid 5326] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5324] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5326] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5324] <... futex resumed>) = 0 [pid 5324] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5324] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5326] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5326] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5324] <... futex resumed>) = 0 [pid 5324] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5324] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5326] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5326] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5324] <... futex resumed>) = 0 [pid 5326] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5325] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5325] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 59.899632][ T5320] loop0: detected capacity change from 0 to 512 [ 59.917926][ T5320] EXT4-fs (loop0): 1 orphan inode deleted [ 59.923878][ T5320] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/74/file1 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5325] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5325] close(3) = 0 [pid 5325] mkdir("./file1", 0777) = 0 [pid 5325] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5325] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5325] chdir("./file1") = 0 [pid 5325] ioctl(6, LOOP_CLR_FD) = 0 [pid 5325] close(6) = 0 [pid 5325] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5324] exit_group(0 [pid 5326] <... futex resumed>) = ? [pid 5324] <... exit_group resumed>) = ? [pid 5326] +++ exited with 0 +++ [pid 5325] +++ exited with 0 +++ [pid 5324] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5324, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./75/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./75/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/bus") = 0 umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/binderfs") = 0 umount2("./75/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./75/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./75/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 [ 59.973786][ T5325] loop0: detected capacity change from 0 to 512 [ 59.998237][ T5325] EXT4-fs (loop0): 1 orphan inode deleted [ 60.004035][ T5325] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/75/file1 supports timestamps until 2038-01-19 (0x7fffffff) mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5329 attached , child_tidptr=0x555556eda690) = 5329 [pid 5329] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5329] chdir("./76") = 0 [pid 5329] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5329] setpgid(0, 0) = 0 [pid 5329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5329] write(3, "1000", 4) = 4 [pid 5329] close(3) = 0 [pid 5329] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5329] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5329] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5329] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5329] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5329] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5329] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5329] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5330 attached [pid 5330] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5330] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5330] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5330] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5329] <... clone3 resumed> => {parent_tid=[5330]}, 88) = 5330 [pid 5329] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5329] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] <... futex resumed>) = 0 [pid 5329] <... futex resumed>) = 1 [pid 5329] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5330] memfd_create("syzkaller", 0 [pid 5329] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5330] <... memfd_create resumed>) = 3 [pid 5330] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5329] <... mmap resumed>) = 0x7f81bb17d000 [pid 5330] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5329] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5329] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5329] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5331 attached [pid 5330] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5331] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5331] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5329] <... clone3 resumed> => {parent_tid=[5331]}, 88) = 5331 [pid 5331] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5329] rt_sigprocmask(SIG_SETMASK, [], [pid 5331] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5329] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5329] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5331] <... futex resumed>) = 0 [pid 5329] <... futex resumed>) = 1 [pid 5331] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5329] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5331] <... open resumed>) = 4 [pid 5331] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] <... write resumed>) = 262144 [pid 5330] munmap(0x7f81b2d7d000, 262144 [pid 5331] <... futex resumed>) = 1 [pid 5329] <... futex resumed>) = 0 [pid 5329] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5329] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5331] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5330] <... munmap resumed>) = 0 [pid 5330] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5331] <... mount resumed>) = 0 [pid 5330] <... openat resumed>) = 5 [pid 5330] ioctl(5, LOOP_SET_FD, 3 [pid 5331] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5331] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5329] <... futex resumed>) = 0 [pid 5330] <... ioctl resumed>) = 0 [pid 5329] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] close(3 [pid 5331] <... futex resumed>) = 0 [pid 5329] <... futex resumed>) = 1 [pid 5330] <... close resumed>) = 0 [pid 5331] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5330] mkdir("./file1", 0777 [pid 5329] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5331] <... open resumed>) = 3 [pid 5331] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5329] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5331] <... futex resumed>) = 0 [pid 5329] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5331] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5329] <... futex resumed>) = 0 [pid 5329] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] <... mkdir resumed>) = 0 [pid 5330] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5331] <... write resumed>) = 262144 [pid 5331] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5329] <... futex resumed>) = 0 [pid 5331] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5330] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5330] ioctl(5, LOOP_CLR_FD) = 0 [pid 5330] close(5) = 0 [pid 5330] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5330] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5329] exit_group(0) = ? [pid 5331] <... futex resumed>) = ? [pid 5330] <... futex resumed>) = ? [pid 5330] +++ exited with 0 +++ [pid 5331] +++ exited with 0 +++ [pid 5329] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5329, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./76/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./76/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/bus") = 0 umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/binderfs") = 0 umount2("./76/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./76/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5332 attached , child_tidptr=0x555556eda690) = 5332 [pid 5332] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5332] chdir("./77") = 0 [pid 5332] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5332] setpgid(0, 0) = 0 [pid 5332] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5332] write(3, "1000", 4) = 4 [pid 5332] close(3) = 0 [ 60.084655][ T5330] loop0: detected capacity change from 0 to 512 [ 60.099039][ T5330] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5332] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5332] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5332] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5332] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5332] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5332] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5332] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5333 attached => {parent_tid=[5333]}, 88) = 5333 [pid 5333] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5333] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5333] rt_sigprocmask(SIG_SETMASK, [], [pid 5332] rt_sigprocmask(SIG_SETMASK, [], [pid 5333] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5332] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5332] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5333] memfd_create("syzkaller", 0 [pid 5332] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5332] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5333] <... memfd_create resumed>) = 3 [pid 5333] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5332] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5332] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5334 attached [pid 5334] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5332] <... clone3 resumed> => {parent_tid=[5334]}, 88) = 5334 [pid 5334] <... rseq resumed>) = 0 [pid 5333] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5332] rt_sigprocmask(SIG_SETMASK, [], [pid 5334] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5334] rt_sigprocmask(SIG_SETMASK, [], [pid 5332] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5334] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5332] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5334] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5332] <... futex resumed>) = 0 [pid 5332] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5334] <... open resumed>) = 4 [pid 5334] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5332] <... futex resumed>) = 0 [pid 5332] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5334] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5332] <... futex resumed>) = 0 [pid 5334] <... mount resumed>) = 0 [pid 5333] <... write resumed>) = 262144 [pid 5332] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5333] munmap(0x7f81b2d7d000, 262144 [pid 5334] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5333] <... munmap resumed>) = 0 [pid 5333] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5332] <... futex resumed>) = 0 [pid 5334] <... futex resumed>) = 1 [pid 5332] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5334] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5333] <... openat resumed>) = 5 [pid 5332] <... futex resumed>) = 0 [pid 5333] ioctl(5, LOOP_SET_FD, 3 [pid 5334] <... open resumed>) = 6 [pid 5333] <... ioctl resumed>) = 0 [pid 5332] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5334] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5332] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5334] <... futex resumed>) = 0 [pid 5332] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5334] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5332] <... futex resumed>) = 0 [pid 5333] close(3 [pid 5332] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5333] <... close resumed>) = 0 [pid 5333] mkdir("./file1", 0777) = 0 [pid 5333] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5334] <... write resumed>) = 262144 [pid 5334] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5334] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5332] <... futex resumed>) = 0 [pid 5333] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5333] ioctl(5, LOOP_CLR_FD) = 0 [pid 5333] close(5) = 0 [pid 5333] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5332] exit_group(0 [pid 5334] <... futex resumed>) = ? [pid 5332] <... exit_group resumed>) = ? [pid 5333] <... futex resumed>) = ? [pid 5334] +++ exited with 0 +++ [pid 5333] +++ exited with 0 +++ [pid 5332] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5332, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./77/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./77/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/bus") = 0 umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/binderfs") = 0 umount2("./77/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./77/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5335 attached [pid 5335] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5335] chdir("./78") = 0 [pid 5335] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5024] <... clone resumed>, child_tidptr=0x555556eda690) = 5335 [ 60.168212][ T5333] loop0: detected capacity change from 0 to 512 [ 60.182764][ T5333] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5335] setpgid(0, 0) = 0 [pid 5335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5335] write(3, "1000", 4) = 4 [pid 5335] close(3) = 0 [pid 5335] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5335] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5335] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5335] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5335] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5335] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5335] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5335] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0} => {parent_tid=[5336]}, 88) = 5336 [pid 5335] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5335] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5335] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5335] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5335] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5335] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5335] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5337 attached [pid 5337] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5335] <... clone3 resumed> => {parent_tid=[5337]}, 88) = 5337 [pid 5335] rt_sigprocmask(SIG_SETMASK, [], [pid 5337] <... rseq resumed>) = 0 [pid 5335] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5337] set_robust_list(0x7f81bb19d9a0, 24 [pid 5335] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5337] <... set_robust_list resumed>) = 0 [pid 5335] <... futex resumed>) = 0 [pid 5337] rt_sigprocmask(SIG_SETMASK, [], [pid 5335] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5336 attached [pid 5337] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5337] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5336] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5337] <... open resumed>) = 3 [pid 5336] <... rseq resumed>) = 0 [pid 5336] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5336] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5336] memfd_create("syzkaller", 0) = 4 [pid 5336] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5337] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5335] <... futex resumed>) = 0 [pid 5335] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5337] <... futex resumed>) = 1 [pid 5337] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5335] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5336] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5337] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5335] <... futex resumed>) = 0 [pid 5335] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5335] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5337] <... futex resumed>) = 1 [pid 5337] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5337] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5335] <... futex resumed>) = 0 [pid 5335] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5336] <... write resumed>) = 262144 [pid 5335] <... futex resumed>) = 0 [pid 5336] munmap(0x7f81b2d7d000, 262144 [pid 5337] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5335] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5337] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5337] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5336] <... munmap resumed>) = 0 [pid 5337] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5335] <... futex resumed>) = 0 [pid 5336] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5336] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 5336] close(4) = 0 [pid 5336] mkdir("./file1", 0777) = 0 [pid 5336] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5336] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5336] chdir("./file1") = 0 [pid 5336] ioctl(6, LOOP_CLR_FD) = 0 [pid 5336] close(6) = 0 [pid 5336] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5336] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5335] exit_group(0) = ? [pid 5337] <... futex resumed>) = ? [pid 5336] <... futex resumed>) = ? [pid 5337] +++ exited with 0 +++ [pid 5336] +++ exited with 0 +++ [pid 5335] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5335, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./78/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./78/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/bus") = 0 umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/binderfs") = 0 umount2("./78/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./78/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 60.251564][ T5336] loop0: detected capacity change from 0 to 512 [ 60.278862][ T5336] EXT4-fs (loop0): 1 orphan inode deleted [ 60.284664][ T5336] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/78/file1 supports timestamps until 2038-01-19 (0x7fffffff) newfstatat(AT_FDCWD, "./78/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./78/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5341 attached , child_tidptr=0x555556eda690) = 5341 [pid 5341] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5341] chdir("./79") = 0 [pid 5341] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5341] setpgid(0, 0) = 0 [pid 5341] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5341] write(3, "1000", 4) = 4 [pid 5341] close(3) = 0 [pid 5341] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5341] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5341] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5341] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5341] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5341] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5341] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5341] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5342 attached => {parent_tid=[5342]}, 88) = 5342 [pid 5342] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5341] rt_sigprocmask(SIG_SETMASK, [], [pid 5342] <... rseq resumed>) = 0 [pid 5341] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5342] set_robust_list(0x7f81bb1be9a0, 24 [pid 5341] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5342] <... set_robust_list resumed>) = 0 [pid 5341] <... futex resumed>) = 0 [pid 5342] rt_sigprocmask(SIG_SETMASK, [], [pid 5341] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5342] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5341] <... futex resumed>) = 0 [pid 5342] memfd_create("syzkaller", 0 [pid 5341] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5342] <... memfd_create resumed>) = 3 [pid 5341] <... mmap resumed>) = 0x7f81bb17d000 [pid 5342] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5341] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5342] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5341] <... mprotect resumed>) = 0 [pid 5341] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5341] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5343]}, 88) = 5343 [pid 5341] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5343 attached [pid 5342] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5343] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5341] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5341] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5341] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5343] <... rseq resumed>) = 0 [pid 5343] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5342] <... write resumed>) = 262144 [pid 5342] munmap(0x7f81b2d7d000, 262144 [pid 5343] rt_sigprocmask(SIG_SETMASK, [], [pid 5342] <... munmap resumed>) = 0 [pid 5343] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5343] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5342] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5342] ioctl(5, LOOP_SET_FD, 3 [pid 5343] <... open resumed>) = 4 [pid 5343] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5341] <... futex resumed>) = 0 [pid 5343] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5341] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5343] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5341] <... futex resumed>) = 0 [pid 5343] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5341] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5343] <... mount resumed>) = 0 [pid 5343] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5341] <... futex resumed>) = 0 [pid 5341] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5341] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5343] <... futex resumed>) = 1 [pid 5343] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5343] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5341] <... futex resumed>) = 0 [pid 5341] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5341] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5343] <... futex resumed>) = 1 [pid 5343] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5342] <... ioctl resumed>) = 0 [pid 5342] close(3) = 0 [pid 5342] mkdir("./file1", 0777) = 0 [pid 5342] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5343] <... write resumed>) = -1 EIO (Input/output error) [pid 5343] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5341] <... futex resumed>) = 0 [pid 5343] <... futex resumed>) = 1 [pid 5343] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5342] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5342] ioctl(5, LOOP_CLR_FD) = 0 [pid 5342] close(5) = 0 [pid 5342] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5342] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5341] exit_group(0 [pid 5342] <... futex resumed>) = ? [pid 5341] <... exit_group resumed>) = ? [pid 5342] +++ exited with 0 +++ [pid 5343] <... futex resumed>) = ? [pid 5343] +++ exited with 0 +++ [pid 5341] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5341, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./79/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./79/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/bus") = 0 umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/binderfs") = 0 umount2("./79/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./79/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5344 ./strace-static-x86_64: Process 5344 attached [pid 5344] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5344] chdir("./80") = 0 [pid 5344] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5344] setpgid(0, 0) = 0 [pid 5344] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5344] write(3, "1000", 4) = 4 [pid 5344] close(3) = 0 [pid 5344] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5344] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5344] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5344] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5344] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5344] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5344] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5345 attached => {parent_tid=[5345]}, 88) = 5345 [pid 5344] rt_sigprocmask(SIG_SETMASK, [], [pid 5345] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5345] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5344] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5345] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5345] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5345] <... futex resumed>) = 0 [pid 5344] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5345] memfd_create("syzkaller", 0 [pid 5344] <... futex resumed>) = 0 [ 60.353585][ T5342] loop0: detected capacity change from 0 to 512 [ 60.360586][ T5343] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 60.370377][ T5343] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 60.382442][ T5342] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5344] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5345] <... memfd_create resumed>) = 3 [pid 5344] <... mmap resumed>) = 0x7f81bb17d000 [pid 5344] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5345] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5344] <... mprotect resumed>) = 0 [pid 5345] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5345] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5344] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5344] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5346 attached [pid 5346] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5344] <... clone3 resumed> => {parent_tid=[5346]}, 88) = 5346 [pid 5346] <... rseq resumed>) = 0 [pid 5344] rt_sigprocmask(SIG_SETMASK, [], [pid 5346] set_robust_list(0x7f81bb19d9a0, 24 [pid 5344] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5346] <... set_robust_list resumed>) = 0 [pid 5344] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5346] rt_sigprocmask(SIG_SETMASK, [], [pid 5344] <... futex resumed>) = 0 [pid 5346] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5344] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5346] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5345] <... write resumed>) = 262144 [pid 5345] munmap(0x7f81b2d7d000, 262144 [pid 5346] <... open resumed>) = 4 [pid 5346] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5344] <... futex resumed>) = 0 [pid 5345] <... munmap resumed>) = 0 [pid 5345] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5346] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5346] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5344] <... futex resumed>) = 0 [pid 5346] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5344] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5345] <... openat resumed>) = 5 [pid 5345] ioctl(5, LOOP_SET_FD, 3 [pid 5346] <... mount resumed>) = 0 [pid 5346] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5344] <... futex resumed>) = 0 [pid 5344] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5346] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5344] <... futex resumed>) = 0 [pid 5346] <... open resumed>) = 6 [pid 5344] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5346] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5344] <... futex resumed>) = 0 [pid 5344] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5346] <... futex resumed>) = 1 [pid 5344] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5346] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5345] <... ioctl resumed>) = 0 [pid 5345] close(3) = 0 [pid 5345] mkdir("./file1", 0777) = 0 [pid 5345] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5346] <... write resumed>) = 262144 [pid 5346] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5346] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] <... futex resumed>) = 0 [pid 5345] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5345] ioctl(5, LOOP_CLR_FD) = 0 [pid 5345] close(5) = 0 [pid 5345] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] exit_group(0 [pid 5345] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5344] <... exit_group resumed>) = ? [pid 5346] <... futex resumed>) = ? [pid 5345] +++ exited with 0 +++ [pid 5346] +++ exited with 0 +++ [pid 5344] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5344, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./80/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./80/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/bus") = 0 umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/binderfs") = 0 umount2("./80/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./80/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5347 attached , child_tidptr=0x555556eda690) = 5347 [pid 5347] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5347] chdir("./81") = 0 [pid 5347] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5347] setpgid(0, 0) = 0 [pid 5347] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5347] write(3, "1000", 4) = 4 [pid 5347] close(3) = 0 [ 60.442256][ T5345] loop0: detected capacity change from 0 to 512 [ 60.455379][ T5345] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5347] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5347] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5347] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5347] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5347] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5347] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5347] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5347] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5348 attached => {parent_tid=[5348]}, 88) = 5348 [pid 5348] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5347] rt_sigprocmask(SIG_SETMASK, [], [pid 5348] <... rseq resumed>) = 0 [pid 5347] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5348] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5347] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5348] rt_sigprocmask(SIG_SETMASK, [], [pid 5347] <... futex resumed>) = 0 [pid 5348] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5347] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5348] memfd_create("syzkaller", 0 [pid 5347] <... futex resumed>) = 0 [pid 5347] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5348] <... memfd_create resumed>) = 3 [pid 5347] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5348] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5347] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5347] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5349]}, 88) = 5349 [pid 5347] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5347] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5347] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5349 attached [pid 5348] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5349] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5349] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5349] rt_sigprocmask(SIG_SETMASK, [], [pid 5348] <... write resumed>) = 262144 [pid 5349] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5348] munmap(0x7f81b2d7d000, 262144 [pid 5349] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5348] <... munmap resumed>) = 0 [pid 5348] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5348] ioctl(5, LOOP_SET_FD, 3 [pid 5349] <... open resumed>) = 4 [pid 5349] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5347] <... futex resumed>) = 0 [pid 5347] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5349] <... futex resumed>) = 1 [pid 5347] <... futex resumed>) = 0 [pid 5349] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5347] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5349] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5347] <... futex resumed>) = 0 [pid 5347] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5347] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5349] <... futex resumed>) = 1 [pid 5349] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5349] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5347] <... futex resumed>) = 0 [pid 5349] <... futex resumed>) = 1 [pid 5347] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5349] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5348] <... ioctl resumed>) = 0 [pid 5347] <... futex resumed>) = 0 [pid 5348] close(3 [pid 5347] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5348] <... close resumed>) = 0 [pid 5348] mkdir("./file1", 0777) = 0 [pid 5348] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5349] <... write resumed>) = -1 EIO (Input/output error) [pid 5349] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5347] <... futex resumed>) = 0 [pid 5349] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5348] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5348] ioctl(5, LOOP_CLR_FD) = 0 [pid 5348] close(5) = 0 [pid 5348] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5348] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5347] exit_group(0 [pid 5349] <... futex resumed>) = ? [pid 5348] <... futex resumed>) = ? [pid 5347] <... exit_group resumed>) = ? [pid 5349] +++ exited with 0 +++ [pid 5348] +++ exited with 0 +++ [pid 5347] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5347, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./81/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./81/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/bus") = 0 umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/binderfs") = 0 umount2("./81/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./81/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5350 attached , child_tidptr=0x555556eda690) = 5350 [pid 5350] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5350] chdir("./82") = 0 [pid 5350] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5350] setpgid(0, 0) = 0 [pid 5350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5350] write(3, "1000", 4) = 4 [pid 5350] close(3) = 0 [pid 5350] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5350] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5350] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5350] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5350] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [ 60.516587][ T5348] loop0: detected capacity change from 0 to 512 [ 60.521490][ T5349] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 60.534269][ T5349] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 60.546872][ T5348] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5350] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5350] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5350] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5351 attached [pid 5351] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5350] <... clone3 resumed> => {parent_tid=[5351]}, 88) = 5351 [pid 5351] <... rseq resumed>) = 0 [pid 5350] rt_sigprocmask(SIG_SETMASK, [], [pid 5351] set_robust_list(0x7f81bb1be9a0, 24 [pid 5350] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5351] <... set_robust_list resumed>) = 0 [pid 5351] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5351] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5350] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5351] <... futex resumed>) = 0 [pid 5350] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5351] memfd_create("syzkaller", 0) = 3 [pid 5350] <... futex resumed>) = 0 [pid 5351] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d9e000 [pid 5350] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5351] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5350] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5350] mprotect(0x7f81b2d7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5350] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5350] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81b2d9d990, parent_tid=0x7f81b2d9d990, exit_signal=0, stack=0x7f81b2d7d000, stack_size=0x20300, tls=0x7f81b2d9d6c0}./strace-static-x86_64: Process 5352 attached [pid 5352] rseq(0x7f81b2d9dfe0, 0x20, 0, 0x53053053) = 0 [pid 5352] set_robust_list(0x7f81b2d9d9a0, 24) = 0 [pid 5352] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5352] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5351] <... write resumed>) = 262144 [pid 5351] munmap(0x7f81b2d9e000, 262144) = 0 [pid 5351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5351] ioctl(4, LOOP_SET_FD, 3 [pid 5350] <... clone3 resumed> => {parent_tid=[5352]}, 88) = 5352 [pid 5350] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5351] <... ioctl resumed>) = 0 [pid 5351] close(3) = 0 [pid 5351] mkdir("./file1", 0777) = 0 [pid 5350] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5351] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5350] <... futex resumed>) = 1 [pid 5352] <... futex resumed>) = 0 [pid 5352] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5350] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5352] <... open resumed>) = 3 [pid 5352] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5352] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5350] <... futex resumed>) = 0 [pid 5350] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5352] <... futex resumed>) = 0 [pid 5350] <... futex resumed>) = 1 [pid 5352] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5350] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5352] <... mount resumed>) = 0 [pid 5352] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5350] <... futex resumed>) = 0 [pid 5352] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5350] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5352] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5352] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5350] <... futex resumed>) = 0 [pid 5352] <... open resumed>) = 5 [pid 5350] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5352] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] <... futex resumed>) = 0 [pid 5352] <... futex resumed>) = 1 [pid 5352] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5350] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5350] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5352] <... write resumed>) = 262144 [pid 5352] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5352] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5350] <... futex resumed>) = 0 [pid 5351] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5351] ioctl(4, LOOP_CLR_FD) = 0 [pid 5351] close(4) = 0 [pid 5351] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5351] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5350] exit_group(0 [pid 5352] <... futex resumed>) = ? [pid 5350] <... exit_group resumed>) = ? [pid 5352] +++ exited with 0 +++ [pid 5351] <... futex resumed>) = ? [pid 5351] +++ exited with 0 +++ [pid 5350] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5350, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./82", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./82/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./82/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./82/bus") = 0 umount2("./82/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./82/binderfs") = 0 umount2("./82/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./82/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./82/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./82") = 0 mkdir("./83", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5353 ./strace-static-x86_64: Process 5353 attached [pid 5353] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5353] chdir("./83") = 0 [pid 5353] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5353] setpgid(0, 0) = 0 [pid 5353] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5353] write(3, "1000", 4) = 4 [pid 5353] close(3) = 0 [pid 5353] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5353] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5353] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5353] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5353] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5353] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5353] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5354 attached => {parent_tid=[5354]}, 88) = 5354 [pid 5353] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5353] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5353] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5354] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5353] <... mprotect resumed>) = 0 [pid 5354] <... rseq resumed>) = 0 [pid 5354] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5354] rt_sigprocmask(SIG_SETMASK, [], [pid 5353] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5354] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5353] <... rt_sigprocmask resumed>[], 8) = 0 [ 60.609362][ T5351] loop0: detected capacity change from 0 to 512 [ 60.636488][ T5351] EXT4-fs warning (device loop0): read_mmp_block:115: Error -117 while reading MMP block 8 [pid 5353] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} [pid 5354] memfd_create("syzkaller", 0./strace-static-x86_64: Process 5355 attached [pid 5353] <... clone3 resumed> => {parent_tid=[5355]}, 88) = 5355 [pid 5354] <... memfd_create resumed>) = 3 [pid 5353] rt_sigprocmask(SIG_SETMASK, [], [pid 5355] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5354] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5355] <... rseq resumed>) = 0 [pid 5353] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5353] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5354] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5355] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5353] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5355] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5355] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5355] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] <... futex resumed>) = 0 [pid 5355] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5353] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5355] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5353] <... futex resumed>) = 0 [pid 5355] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5353] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5355] <... mount resumed>) = 0 [pid 5354] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5355] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] <... futex resumed>) = 0 [pid 5355] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5353] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5355] <... futex resumed>) = 0 [pid 5355] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5355] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5355] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5353] <... futex resumed>) = 0 [pid 5355] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5353] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5355] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5353] <... futex resumed>) = 0 [pid 5355] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5353] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5355] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5353] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5355] <... futex resumed>) = 0 [pid 5355] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5354] <... write resumed>) = 262144 [pid 5354] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5354] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5354] close(3) = 0 [pid 5354] mkdir("./file1", 0777) = 0 [pid 5354] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5354] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5354] chdir("./file1") = 0 [pid 5354] ioctl(6, LOOP_CLR_FD) = 0 [pid 5354] close(6) = 0 [pid 5354] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5354] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5353] exit_group(0 [pid 5355] <... futex resumed>) = ? [pid 5354] <... futex resumed>) = ? [pid 5353] <... exit_group resumed>) = ? [pid 5355] +++ exited with 0 +++ [pid 5354] +++ exited with 0 +++ [pid 5353] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5353, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./83", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./83/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./83/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./83/bus") = 0 umount2("./83/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./83/binderfs") = 0 umount2("./83/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./83/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./83/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./83/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./83") = 0 mkdir("./84", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5359 ./strace-static-x86_64: Process 5359 attached [pid 5359] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5359] chdir("./84") = 0 [pid 5359] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 60.701219][ T5354] loop0: detected capacity change from 0 to 512 [ 60.718438][ T5354] EXT4-fs (loop0): 1 orphan inode deleted [ 60.724375][ T5354] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/83/file1 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5359] setpgid(0, 0) = 0 [pid 5359] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5359] write(3, "1000", 4) = 4 [pid 5359] close(3) = 0 [pid 5359] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5359] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5359] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5359] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5359] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5359] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5359] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5360 attached => {parent_tid=[5360]}, 88) = 5360 [pid 5359] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5359] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5360] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5359] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5360] <... rseq resumed>) = 0 [pid 5360] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5360] rt_sigprocmask(SIG_SETMASK, [], [pid 5359] <... mprotect resumed>) = 0 [pid 5360] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5359] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5359] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} [pid 5360] memfd_create("syzkaller", 0./strace-static-x86_64: Process 5361 attached [pid 5359] <... clone3 resumed> => {parent_tid=[5361]}, 88) = 5361 [pid 5361] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5359] rt_sigprocmask(SIG_SETMASK, [], [pid 5360] <... memfd_create resumed>) = 3 [pid 5360] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5361] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5361] rt_sigprocmask(SIG_SETMASK, [], [pid 5360] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5359] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5361] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5361] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5359] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5361] <... futex resumed>) = 0 [pid 5361] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5359] <... futex resumed>) = 1 [pid 5359] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5361] <... open resumed>) = 4 [pid 5361] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5359] <... futex resumed>) = 0 [pid 5359] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5360] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5359] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5361] <... futex resumed>) = 1 [pid 5361] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5361] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5359] <... futex resumed>) = 0 [pid 5359] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5361] <... futex resumed>) = 1 [pid 5359] <... futex resumed>) = 0 [pid 5361] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5359] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5361] <... open resumed>) = 5 [pid 5361] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5359] <... futex resumed>) = 0 [pid 5361] <... futex resumed>) = 1 [pid 5359] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5361] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5359] <... futex resumed>) = 0 [pid 5361] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5359] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5361] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5359] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5361] <... futex resumed>) = 0 [pid 5361] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5360] <... write resumed>) = 262144 [pid 5360] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5360] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5360] close(3) = 0 [pid 5360] mkdir("./file1", 0777) = 0 [pid 5360] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5360] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5360] chdir("./file1") = 0 [pid 5360] ioctl(6, LOOP_CLR_FD) = 0 [pid 5360] close(6) = 0 [pid 5360] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5360] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5359] exit_group(0) = ? [pid 5361] <... futex resumed>) = ? [pid 5360] <... futex resumed>) = ? [pid 5361] +++ exited with 0 +++ [pid 5360] +++ exited with 0 +++ [pid 5359] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5359, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./84", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./84/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./84/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./84/bus") = 0 umount2("./84/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./84/binderfs") = 0 umount2("./84/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./84/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./84/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./84/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./84") = 0 mkdir("./85", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5365 ./strace-static-x86_64: Process 5365 attached [pid 5365] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5365] chdir("./85") = 0 [pid 5365] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5365] setpgid(0, 0) = 0 [pid 5365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5365] write(3, "1000", 4) = 4 [pid 5365] close(3) = 0 [pid 5365] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5365] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5365] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5365] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [ 60.802951][ T5360] loop0: detected capacity change from 0 to 512 [ 60.817736][ T5360] EXT4-fs (loop0): 1 orphan inode deleted [ 60.823502][ T5360] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/84/file1 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5365] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5365] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0} => {parent_tid=[5366]}, 88) = 5366 [pid 5365] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5365] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5365] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 5366 attached [pid 5366] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5365] <... mprotect resumed>) = 0 [pid 5365] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5365] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5367 attached [pid 5366] <... rseq resumed>) = 0 [pid 5366] set_robust_list(0x7f81bb1be9a0, 24 [pid 5367] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5366] <... set_robust_list resumed>) = 0 [pid 5367] set_robust_list(0x7f81bb19d9a0, 24 [pid 5366] rt_sigprocmask(SIG_SETMASK, [], [pid 5367] <... set_robust_list resumed>) = 0 [pid 5366] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5365] <... clone3 resumed> => {parent_tid=[5367]}, 88) = 5367 [pid 5367] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5366] memfd_create("syzkaller", 0 [pid 5365] rt_sigprocmask(SIG_SETMASK, [], [pid 5367] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5366] <... memfd_create resumed>) = 3 [pid 5365] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5366] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5365] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5367] <... futex resumed>) = 0 [pid 5365] <... futex resumed>) = 1 [pid 5367] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5365] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5367] <... open resumed>) = 4 [pid 5367] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5366] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5365] <... futex resumed>) = 0 [pid 5367] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5367] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5365] <... futex resumed>) = 0 [pid 5367] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5365] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5367] <... mount resumed>) = 0 [pid 5366] <... write resumed>) = 262144 [pid 5367] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] munmap(0x7f81b2d7d000, 262144 [pid 5365] <... futex resumed>) = 0 [pid 5366] <... munmap resumed>) = 0 [pid 5367] <... futex resumed>) = 1 [pid 5365] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5367] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5365] <... futex resumed>) = 0 [pid 5366] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5365] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5367] <... open resumed>) = 5 [pid 5367] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] <... openat resumed>) = 6 [pid 5365] <... futex resumed>) = 0 [pid 5366] ioctl(6, LOOP_SET_FD, 3 [pid 5365] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5367] <... futex resumed>) = 1 [pid 5365] <... futex resumed>) = 0 [pid 5367] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5365] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] <... ioctl resumed>) = 0 [pid 5366] close(3) = 0 [pid 5366] mkdir("./file1", 0777) = 0 [pid 5366] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5367] <... write resumed>) = 262144 [pid 5367] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5365] <... futex resumed>) = 0 [pid 5367] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5366] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5366] ioctl(6, LOOP_CLR_FD) = 0 [pid 5366] close(6) = 0 [pid 5366] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5366] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] exit_group(0 [pid 5366] <... futex resumed>) = ? [pid 5365] <... exit_group resumed>) = ? [pid 5367] <... futex resumed>) = ? [pid 5367] +++ exited with 0 +++ [pid 5366] +++ exited with 0 +++ [pid 5365] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5365, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./85", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./85/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./85/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./85/bus") = 0 umount2("./85/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./85/binderfs") = 0 umount2("./85/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./85/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./85/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./85") = 0 mkdir("./86", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5368 attached , child_tidptr=0x555556eda690) = 5368 [pid 5368] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5368] chdir("./86") = 0 [pid 5368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5368] setpgid(0, 0) = 0 [pid 5368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5368] write(3, "1000", 4) = 4 [pid 5368] close(3) = 0 [pid 5368] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5368] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5368] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5368] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5368] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5368] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5368] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5369 attached [pid 5369] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5368] <... clone3 resumed> => {parent_tid=[5369]}, 88) = 5369 [pid 5369] <... rseq resumed>) = 0 [pid 5368] rt_sigprocmask(SIG_SETMASK, [], [pid 5369] set_robust_list(0x7f81bb1be9a0, 24 [pid 5368] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5369] <... set_robust_list resumed>) = 0 [pid 5368] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5369] rt_sigprocmask(SIG_SETMASK, [], [pid 5368] <... futex resumed>) = 0 [pid 5369] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5369] memfd_create("syzkaller", 0 [pid 5368] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5369] <... memfd_create resumed>) = 3 [pid 5368] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5369] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5368] <... mprotect resumed>) = 0 [pid 5369] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5368] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5369] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5368] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5368] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5370]}, 88) = 5370 [pid 5368] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5368] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5370 attached [ 60.900454][ T5366] loop0: detected capacity change from 0 to 512 [ 60.914681][ T5366] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5370] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5370] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5370] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5370] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5370] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5370] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5368] <... futex resumed>) = 0 [pid 5368] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5370] <... futex resumed>) = 0 [pid 5368] <... futex resumed>) = 1 [pid 5370] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5368] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5370] <... mount resumed>) = 0 [pid 5369] <... write resumed>) = 262144 [pid 5369] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5369] ioctl(5, LOOP_SET_FD, 3 [pid 5370] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5369] <... ioctl resumed>) = 0 [pid 5370] <... futex resumed>) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5368] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5369] close(3) = 0 [pid 5369] mkdir("./file1", 0777 [pid 5370] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5369] <... mkdir resumed>) = 0 [pid 5369] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5370] <... open resumed>) = 3 [pid 5370] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5368] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5370] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5368] <... futex resumed>) = 0 [pid 5368] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5370] <... write resumed>) = 262144 [pid 5370] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5370] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5369] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5369] ioctl(5, LOOP_CLR_FD) = 0 [pid 5369] close(5) = 0 [pid 5369] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5369] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5368] exit_group(0 [pid 5370] <... futex resumed>) = ? [pid 5369] <... futex resumed>) = ? [pid 5368] <... exit_group resumed>) = ? [pid 5370] +++ exited with 0 +++ [pid 5369] +++ exited with 0 +++ [pid 5368] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5368, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./86", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./86/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./86/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./86/bus") = 0 umount2("./86/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./86/binderfs") = 0 umount2("./86/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./86/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./86/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./86") = 0 mkdir("./87", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5373 ./strace-static-x86_64: Process 5373 attached [pid 5373] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5373] chdir("./87") = 0 [pid 5373] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 60.964865][ T5369] loop0: detected capacity change from 0 to 512 [ 60.975914][ T5371] EXT4-fs warning (device loop0): kmmpd:168: kmmpd being stopped since MMP feature has been disabled. [ 60.987024][ T5369] EXT4-fs error (device loop0): __ext4_get_inode_loc:4379: comm syz-executor212: Invalid inode table block 0 in block_group 0 [ 61.001278][ T5369] EXT4-fs (loop0): get root inode failed [ 61.007558][ T5369] EXT4-fs (loop0): mount failed [pid 5373] setpgid(0, 0) = 0 [pid 5373] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5373] write(3, "1000", 4) = 4 [pid 5373] close(3) = 0 [pid 5373] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5373] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5373] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5373] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5373] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5373] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5373] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5373] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5374 attached => {parent_tid=[5374]}, 88) = 5374 [pid 5374] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5374] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5374] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5374] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5373] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5373] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5374] <... futex resumed>) = 0 [pid 5373] <... futex resumed>) = 1 [pid 5374] memfd_create("syzkaller", 0 [pid 5373] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5374] <... memfd_create resumed>) = 3 [pid 5374] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d9e000 [pid 5373] <... futex resumed>) = 0 [pid 5373] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5374] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5373] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5374] <... write resumed>) = 262144 [pid 5373] mprotect(0x7f81b2d7e000, 131072, PROT_READ|PROT_WRITE [pid 5374] munmap(0x7f81b2d9e000, 262144 [pid 5373] <... mprotect resumed>) = 0 [pid 5373] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5373] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81b2d9d990, parent_tid=0x7f81b2d9d990, exit_signal=0, stack=0x7f81b2d7d000, stack_size=0x20300, tls=0x7f81b2d9d6c0} [pid 5374] <... munmap resumed>) = 0 [pid 5374] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 5375 attached [pid 5373] <... clone3 resumed> => {parent_tid=[5375]}, 88) = 5375 [pid 5375] rseq(0x7f81b2d9dfe0, 0x20, 0, 0x53053053 [pid 5373] rt_sigprocmask(SIG_SETMASK, [], [pid 5375] <... rseq resumed>) = 0 [pid 5375] set_robust_list(0x7f81b2d9d9a0, 24 [pid 5373] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5375] <... set_robust_list resumed>) = 0 [pid 5373] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5375] rt_sigprocmask(SIG_SETMASK, [], [pid 5373] <... futex resumed>) = 0 [pid 5374] <... openat resumed>) = 4 [pid 5375] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5373] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5375] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5374] ioctl(4, LOOP_SET_FD, 3 [pid 5375] <... open resumed>) = 5 [pid 5375] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5375] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5373] <... futex resumed>) = 0 [pid 5373] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5375] <... futex resumed>) = 0 [pid 5373] <... futex resumed>) = 1 [pid 5373] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5375] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5374] <... ioctl resumed>) = 0 [pid 5375] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5373] <... futex resumed>) = 0 [pid 5375] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5373] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5375] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5373] <... futex resumed>) = 0 [pid 5375] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5373] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5375] <... open resumed>) = 6 [pid 5374] close(3) = 0 [pid 5374] mkdir("./file1", 0777 [pid 5375] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5373] <... futex resumed>) = 0 [pid 5373] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5375] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5373] <... futex resumed>) = 0 [pid 5373] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5374] <... mkdir resumed>) = 0 [pid 5374] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5375] <... write resumed>) = 262144 [pid 5375] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5373] <... futex resumed>) = 0 [pid 5375] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5374] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5374] ioctl(4, LOOP_CLR_FD) = 0 [pid 5374] close(4) = 0 [pid 5374] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5374] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5373] exit_group(0 [pid 5375] <... futex resumed>) = ? [pid 5373] <... exit_group resumed>) = ? [pid 5374] <... futex resumed>) = ? [pid 5375] +++ exited with 0 +++ [pid 5374] +++ exited with 0 +++ [pid 5373] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5373, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./87", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./87/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./87/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./87/bus") = 0 umount2("./87/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./87/binderfs") = 0 umount2("./87/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./87/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./87/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./87") = 0 mkdir("./88", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5376 ./strace-static-x86_64: Process 5376 attached [pid 5376] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5376] chdir("./88") = 0 [pid 5376] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5376] setpgid(0, 0) = 0 [pid 5376] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5376] write(3, "1000", 4) = 4 [pid 5376] close(3) = 0 [pid 5376] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5376] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5376] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5376] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5376] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [ 61.071966][ T5374] loop0: detected capacity change from 0 to 512 [ 61.093295][ T5374] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5376] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5376] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5376] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5377 attached => {parent_tid=[5377]}, 88) = 5377 [pid 5376] rt_sigprocmask(SIG_SETMASK, [], [pid 5377] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5376] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5377] <... rseq resumed>) = 0 [pid 5376] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5377] set_robust_list(0x7f81bb1be9a0, 24 [pid 5376] <... futex resumed>) = 0 [pid 5377] <... set_robust_list resumed>) = 0 [pid 5377] rt_sigprocmask(SIG_SETMASK, [], [pid 5376] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5377] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5376] <... futex resumed>) = 0 [pid 5376] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5377] memfd_create("syzkaller", 0 [pid 5376] <... mmap resumed>) = 0x7f81bb17d000 [pid 5376] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5377] <... memfd_create resumed>) = 3 [pid 5377] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5376] <... mprotect resumed>) = 0 [pid 5377] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5376] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5376] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} [pid 5377] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 5378 attached [pid 5376] <... clone3 resumed> => {parent_tid=[5378]}, 88) = 5378 [pid 5376] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5376] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5376] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5378] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5378] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5377] <... write resumed>) = 262144 [pid 5378] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5377] munmap(0x7f81b2d7d000, 262144 [pid 5378] <... open resumed>) = 4 [pid 5378] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5376] <... futex resumed>) = 0 [pid 5378] <... futex resumed>) = 1 [pid 5377] <... munmap resumed>) = 0 [pid 5378] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5377] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5378] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5376] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5377] <... openat resumed>) = 5 [pid 5378] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5377] ioctl(5, LOOP_SET_FD, 3 [pid 5376] <... futex resumed>) = 0 [pid 5378] <... mount resumed>) = 0 [pid 5376] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5376] <... futex resumed>) = 0 [pid 5376] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5378] <... futex resumed>) = 1 [pid 5376] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5378] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5376] <... futex resumed>) = 0 [pid 5378] <... futex resumed>) = 1 [pid 5376] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5378] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5376] <... futex resumed>) = 0 [pid 5376] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5377] <... ioctl resumed>) = 0 [pid 5377] close(3) = 0 [pid 5377] mkdir("./file1", 0777) = 0 [pid 5377] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5378] <... write resumed>) = 262144 [pid 5378] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5376] <... futex resumed>) = 0 [pid 5378] <... futex resumed>) = 1 [pid 5378] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5377] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5377] ioctl(5, LOOP_CLR_FD) = 0 [pid 5377] close(5) = 0 [pid 5377] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5377] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5376] exit_group(0) = ? [pid 5378] <... futex resumed>) = ? [pid 5377] <... futex resumed>) = ? [pid 5378] +++ exited with 0 +++ [pid 5377] +++ exited with 0 +++ [pid 5376] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5376, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./88", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./88/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./88/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./88/bus") = 0 umount2("./88/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./88/binderfs") = 0 umount2("./88/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./88/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./88/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./88") = 0 mkdir("./89", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5379 attached , child_tidptr=0x555556eda690) = 5379 [pid 5379] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5379] chdir("./89") = 0 [pid 5379] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5379] setpgid(0, 0) = 0 [pid 5379] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5379] write(3, "1000", 4) = 4 [pid 5379] close(3) = 0 [pid 5379] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5379] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5379] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5379] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5379] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5379] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5379] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5379] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5380 attached => {parent_tid=[5380]}, 88) = 5380 [pid 5379] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5379] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5379] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5379] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5379] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5380] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5379] <... mprotect resumed>) = 0 [pid 5380] <... rseq resumed>) = 0 [ 61.161904][ T5377] loop0: detected capacity change from 0 to 512 [ 61.176162][ T5377] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5379] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5379] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} [pid 5380] set_robust_list(0x7f81bb1be9a0, 24./strace-static-x86_64: Process 5381 attached [pid 5381] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5379] <... clone3 resumed> => {parent_tid=[5381]}, 88) = 5381 [pid 5381] <... rseq resumed>) = 0 [pid 5379] rt_sigprocmask(SIG_SETMASK, [], [pid 5381] set_robust_list(0x7f81bb19d9a0, 24 [pid 5379] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5381] <... set_robust_list resumed>) = 0 [pid 5379] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5381] rt_sigprocmask(SIG_SETMASK, [], [pid 5379] <... futex resumed>) = 0 [pid 5381] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5379] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5381] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5380] <... set_robust_list resumed>) = 0 [pid 5380] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5380] memfd_create("syzkaller", 0) = 4 [pid 5381] <... open resumed>) = 3 [pid 5380] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5381] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5380] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5379] <... futex resumed>) = 0 [pid 5379] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5379] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5381] <... futex resumed>) = 1 [pid 5381] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5381] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5379] <... futex resumed>) = 0 [pid 5379] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5379] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5381] <... futex resumed>) = 1 [pid 5381] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5381] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5379] <... futex resumed>) = 0 [pid 5379] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5380] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5379] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5381] <... futex resumed>) = 1 [pid 5381] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5381] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5379] <... futex resumed>) = 0 [pid 5381] <... futex resumed>) = 1 [pid 5381] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5380] <... write resumed>) = 262144 [pid 5380] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5380] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5380] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 5380] close(4) = 0 [pid 5380] mkdir("./file1", 0777) = 0 [pid 5380] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5380] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5380] chdir("./file1") = 0 [pid 5380] ioctl(6, LOOP_CLR_FD) = 0 [pid 5380] close(6) = 0 [pid 5380] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5380] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5379] exit_group(0) = ? [pid 5380] <... futex resumed>) = ? [pid 5380] +++ exited with 0 +++ [pid 5381] <... futex resumed>) = ? [pid 5381] +++ exited with 0 +++ [pid 5379] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5379, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./89", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./89/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./89/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./89/bus") = 0 umount2("./89/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./89/binderfs") = 0 [ 61.231361][ T5380] loop0: detected capacity change from 0 to 512 [ 61.258016][ T5380] EXT4-fs (loop0): 1 orphan inode deleted [ 61.263791][ T5380] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/89/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./89/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./89/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./89/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./89/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./89") = 0 mkdir("./90", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5384 attached , child_tidptr=0x555556eda690) = 5384 [pid 5384] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5384] chdir("./90") = 0 [pid 5384] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5384] setpgid(0, 0) = 0 [pid 5384] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5384] write(3, "1000", 4) = 4 [pid 5384] close(3) = 0 [pid 5384] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5384] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5384] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5384] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5384] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5384] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5384] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5384] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5385 attached => {parent_tid=[5385]}, 88) = 5385 [pid 5385] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5384] rt_sigprocmask(SIG_SETMASK, [], [pid 5385] set_robust_list(0x7f81bb1be9a0, 24 [pid 5384] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5385] <... set_robust_list resumed>) = 0 [pid 5384] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5385] rt_sigprocmask(SIG_SETMASK, [], [pid 5384] <... futex resumed>) = 0 [pid 5385] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5384] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5385] memfd_create("syzkaller", 0 [pid 5384] <... futex resumed>) = 0 [pid 5384] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5385] <... memfd_create resumed>) = 3 [pid 5384] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5385] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5384] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5385] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5384] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5386]}, 88) = 5386 [pid 5384] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5384] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5384] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5385] <... write resumed>) = 262144 [pid 5385] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5385] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5385] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 5386 attached [pid 5386] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5385] <... ioctl resumed>) = 0 [pid 5385] close(3) = 0 [pid 5386] <... rseq resumed>) = 0 [pid 5386] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5386] rt_sigprocmask(SIG_SETMASK, [], [pid 5385] mkdir("./file1", 0777 [pid 5386] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5386] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 3 [pid 5385] <... mkdir resumed>) = 0 [pid 5386] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5385] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5384] <... futex resumed>) = 0 [pid 5386] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5384] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5386] <... futex resumed>) = 0 [pid 5386] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5384] <... futex resumed>) = 1 [pid 5384] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5386] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5384] <... futex resumed>) = 0 [pid 5386] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5384] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5386] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5384] <... futex resumed>) = 0 [pid 5386] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5384] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5386] <... open resumed>) = 5 [pid 5386] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5384] <... futex resumed>) = 0 [pid 5386] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5384] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5386] <... futex resumed>) = 0 [pid 5384] <... futex resumed>) = 1 [pid 5386] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5384] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5386] <... write resumed>) = 262144 [pid 5386] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5386] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5384] <... futex resumed>) = 0 [pid 5385] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5385] ioctl(4, LOOP_CLR_FD) = 0 [pid 5385] close(4) = 0 [pid 5385] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5385] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5384] exit_group(0) = ? [pid 5385] <... futex resumed>) = ? [pid 5385] +++ exited with 0 +++ [pid 5386] <... futex resumed>) = ? [pid 5386] +++ exited with 0 +++ [pid 5384] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5384, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./90", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./90/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./90/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./90/bus") = 0 umount2("./90/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./90/binderfs") = 0 umount2("./90/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./90/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./90/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./90") = 0 mkdir("./91", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5387 ./strace-static-x86_64: Process 5387 attached [pid 5387] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5387] chdir("./91") = 0 [pid 5387] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5387] setpgid(0, 0) = 0 [pid 5387] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5387] write(3, "1000", 4) = 4 [pid 5387] close(3) = 0 [pid 5387] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5387] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5387] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5387] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5387] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5387] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5387] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5387] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0} => {parent_tid=[5388]}, 88) = 5388 [pid 5387] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5387] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5388 attached [pid 5387] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5388] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5388] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5387] <... futex resumed>) = 0 [pid 5388] rt_sigprocmask(SIG_SETMASK, [], [pid 5387] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5388] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5387] <... mmap resumed>) = 0x7f81bb17d000 [pid 5387] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5388] memfd_create("syzkaller", 0) = 3 [pid 5387] <... mprotect resumed>) = 0 [pid 5388] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5387] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5387] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5389 attached [pid 5389] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5389] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5389] rt_sigprocmask(SIG_SETMASK, [], [pid 5387] <... clone3 resumed> => {parent_tid=[5389]}, 88) = 5389 [pid 5389] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5387] rt_sigprocmask(SIG_SETMASK, [], [pid 5389] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5387] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5387] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] <... futex resumed>) = 0 [pid 5387] <... futex resumed>) = 1 [pid 5389] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5387] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5389] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [ 61.338142][ T5385] loop0: detected capacity change from 0 to 512 [ 61.365340][ T5385] EXT4-fs warning (device loop0): read_mmp_block:115: Error -117 while reading MMP block 8 [pid 5388] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5387] <... futex resumed>) = 0 [pid 5387] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5387] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5389] <... futex resumed>) = 1 [pid 5389] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5389] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5387] <... futex resumed>) = 0 [pid 5389] <... futex resumed>) = 1 [pid 5388] <... write resumed>) = 262144 [pid 5387] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5387] <... futex resumed>) = 0 [pid 5389] <... open resumed>) = 5 [pid 5387] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5389] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5387] <... futex resumed>) = 0 [pid 5387] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] <... futex resumed>) = 1 [pid 5387] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5389] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5389] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5388] munmap(0x7f81b2d7d000, 262144 [pid 5389] <... futex resumed>) = 1 [pid 5387] <... futex resumed>) = 0 [pid 5389] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5388] <... munmap resumed>) = 0 [pid 5388] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5388] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5388] close(3) = 0 [pid 5388] mkdir("./file1", 0777) = 0 [pid 5388] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5388] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5388] chdir("./file1") = 0 [pid 5388] ioctl(6, LOOP_CLR_FD) = 0 [pid 5388] close(6) = 0 [pid 5388] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5388] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5387] exit_group(0 [pid 5388] <... futex resumed>) = ? [pid 5387] <... exit_group resumed>) = ? [pid 5388] +++ exited with 0 +++ [pid 5389] <... futex resumed>) = ? [pid 5389] +++ exited with 0 +++ [pid 5387] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5387, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./91", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./91/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./91/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./91/bus") = 0 umount2("./91/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./91/binderfs") = 0 umount2("./91/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./91/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./91/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./91/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./91") = 0 mkdir("./92", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5392 ./strace-static-x86_64: Process 5392 attached [pid 5392] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5392] chdir("./92") = 0 [pid 5392] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5392] setpgid(0, 0) = 0 [ 61.423052][ T5388] loop0: detected capacity change from 0 to 512 [ 61.438947][ T5388] EXT4-fs (loop0): 1 orphan inode deleted [ 61.444867][ T5388] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/91/file1 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5392] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5392] write(3, "1000", 4) = 4 [pid 5392] close(3) = 0 [pid 5392] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5392] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5392] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5392] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5392] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5392] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5392] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5392] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5393 attached => {parent_tid=[5393]}, 88) = 5393 [pid 5393] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5392] rt_sigprocmask(SIG_SETMASK, [], [pid 5393] <... rseq resumed>) = 0 [pid 5393] set_robust_list(0x7f81bb1be9a0, 24 [pid 5392] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5393] <... set_robust_list resumed>) = 0 [pid 5392] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5393] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5392] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5392] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5393] memfd_create("syzkaller", 0 [pid 5392] <... mmap resumed>) = 0x7f81bb17d000 [pid 5393] <... memfd_create resumed>) = 3 [pid 5393] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5392] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5393] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5392] <... mprotect resumed>) = 0 [pid 5392] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5392] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5394 attached => {parent_tid=[5394]}, 88) = 5394 [pid 5394] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5392] rt_sigprocmask(SIG_SETMASK, [], [pid 5394] set_robust_list(0x7f81bb19d9a0, 24 [pid 5392] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5394] <... set_robust_list resumed>) = 0 [pid 5392] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5394] rt_sigprocmask(SIG_SETMASK, [], [pid 5392] <... futex resumed>) = 0 [pid 5394] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5392] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5394] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5393] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5394] <... open resumed>) = 4 [pid 5394] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5392] <... futex resumed>) = 0 [pid 5394] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5392] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5394] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5392] <... futex resumed>) = 0 [pid 5394] <... mount resumed>) = 0 [pid 5393] <... write resumed>) = 262144 [pid 5392] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5394] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5392] <... futex resumed>) = 0 [pid 5393] munmap(0x7f81b2d7d000, 262144 [pid 5392] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5394] <... futex resumed>) = 1 [pid 5392] <... futex resumed>) = 0 [pid 5394] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5392] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5394] <... open resumed>) = 5 [pid 5394] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5392] <... futex resumed>) = 0 [pid 5394] <... futex resumed>) = 1 [pid 5393] <... munmap resumed>) = 0 [pid 5392] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5394] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5392] <... futex resumed>) = 0 [pid 5394] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5392] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5394] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5392] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5394] <... futex resumed>) = 0 [pid 5393] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5394] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5393] <... openat resumed>) = 6 [pid 5393] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5393] close(3) = 0 [pid 5393] mkdir("./file1", 0777) = 0 [pid 5393] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5393] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5393] chdir("./file1") = 0 [pid 5393] ioctl(6, LOOP_CLR_FD) = 0 [pid 5393] close(6) = 0 [pid 5393] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5393] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5392] exit_group(0 [pid 5394] <... futex resumed>) = ? [pid 5393] <... futex resumed>) = ? [pid 5392] <... exit_group resumed>) = ? [pid 5394] +++ exited with 0 +++ [pid 5393] +++ exited with 0 +++ [pid 5392] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5392, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./92", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./92/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./92/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./92/bus") = 0 umount2("./92/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./92/binderfs") = 0 umount2("./92/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./92/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./92/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./92/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./92") = 0 [ 61.522508][ T5393] loop0: detected capacity change from 0 to 512 [ 61.548511][ T5393] EXT4-fs (loop0): 1 orphan inode deleted [ 61.554503][ T5393] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/92/file1 supports timestamps until 2038-01-19 (0x7fffffff) mkdir("./93", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5397 attached , child_tidptr=0x555556eda690) = 5397 [pid 5397] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5397] chdir("./93") = 0 [pid 5397] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5397] setpgid(0, 0) = 0 [pid 5397] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5397] write(3, "1000", 4) = 4 [pid 5397] close(3) = 0 [pid 5397] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5397] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5397] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5397] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5397] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5397] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5397] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5397] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0} => {parent_tid=[5398]}, 88) = 5398 [pid 5397] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5397] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5398 attached [pid 5398] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5398] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5398] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5398] memfd_create("syzkaller", 0 [pid 5397] <... futex resumed>) = 0 [pid 5398] <... memfd_create resumed>) = 3 [pid 5397] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5398] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d9e000 [pid 5397] <... futex resumed>) = 0 [pid 5397] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81b2d7d000 [pid 5397] mprotect(0x7f81b2d7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5397] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5397] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81b2d9d990, parent_tid=0x7f81b2d9d990, exit_signal=0, stack=0x7f81b2d7d000, stack_size=0x20300, tls=0x7f81b2d9d6c0} => {parent_tid=[5399]}, 88) = 5399 [pid 5397] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5399 attached [pid 5399] rseq(0x7f81b2d9dfe0, 0x20, 0, 0x53053053) = 0 [pid 5397] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5399] set_robust_list(0x7f81b2d9d9a0, 24 [pid 5397] <... futex resumed>) = 0 [pid 5397] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5399] <... set_robust_list resumed>) = 0 [pid 5398] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5399] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5398] <... write resumed>) = 262144 [pid 5399] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5398] munmap(0x7f81b2d9e000, 262144 [pid 5399] <... open resumed>) = 4 [pid 5399] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5397] <... futex resumed>) = 0 [pid 5399] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5397] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5399] <... futex resumed>) = 0 [pid 5397] <... futex resumed>) = 1 [pid 5399] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5397] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5399] <... mount resumed>) = 0 [pid 5398] <... munmap resumed>) = 0 [pid 5399] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5397] <... futex resumed>) = 0 [pid 5399] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5397] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5399] <... futex resumed>) = 0 [pid 5397] <... futex resumed>) = 1 [pid 5399] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5397] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5399] <... open resumed>) = 5 [pid 5399] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5398] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5399] <... futex resumed>) = 1 [pid 5397] <... futex resumed>) = 0 [pid 5399] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5398] <... openat resumed>) = 6 [pid 5397] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5399] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5398] ioctl(6, LOOP_SET_FD, 3 [pid 5397] <... futex resumed>) = 0 [pid 5399] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5397] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5399] <... futex resumed>) = 0 [pid 5399] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5398] <... ioctl resumed>) = 0 [pid 5398] close(3) = 0 [pid 5398] mkdir("./file1", 0777) = 0 [pid 5398] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5398] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5398] chdir("./file1") = 0 [pid 5398] ioctl(6, LOOP_CLR_FD) = 0 [pid 5398] close(6) = 0 [pid 5398] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5398] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5397] exit_group(0) = ? [pid 5398] <... futex resumed>) = ? [pid 5398] +++ exited with 0 +++ [pid 5399] <... futex resumed>) = ? [pid 5399] +++ exited with 0 +++ [pid 5397] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5397, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./93", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./93/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./93/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./93/bus") = 0 umount2("./93/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./93/binderfs") = 0 umount2("./93/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./93/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./93/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./93/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./93") = 0 mkdir("./94", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5402 attached , child_tidptr=0x555556eda690) = 5402 [pid 5402] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5402] chdir("./94") = 0 [pid 5402] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5402] setpgid(0, 0) = 0 [pid 5402] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5402] write(3, "1000", 4) = 4 [pid 5402] close(3) = 0 [ 61.640682][ T5398] loop0: detected capacity change from 0 to 512 [ 61.658592][ T5398] EXT4-fs (loop0): 1 orphan inode deleted [ 61.664584][ T5398] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/93/file1 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5402] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5402] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5402] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5402] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5402] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5402] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5402] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5402] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5403 attached => {parent_tid=[5403]}, 88) = 5403 [pid 5402] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5403] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5402] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5403] <... rseq resumed>) = 0 [pid 5402] <... futex resumed>) = 0 [pid 5402] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5403] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5402] <... futex resumed>) = 0 [pid 5403] rt_sigprocmask(SIG_SETMASK, [], [pid 5402] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5403] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5403] memfd_create("syzkaller", 0 [pid 5402] <... mmap resumed>) = 0x7f81bb17d000 [pid 5402] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5402] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5402] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5404]}, 88) = 5404 [pid 5402] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5404 attached [pid 5403] <... memfd_create resumed>) = 3 [pid 5402] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5402] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5402] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5404] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5404] set_robust_list(0x7f81bb19d9a0, 24 [pid 5403] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5404] <... set_robust_list resumed>) = 0 [pid 5403] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5404] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5403] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5404] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5403] <... write resumed>) = 262144 [pid 5403] munmap(0x7f81b2d7d000, 262144) = 0 [ 61.729468][ T5403] __do_sys_memfd_create: 39 callbacks suppressed [ 61.729484][ T5403] syz-executor212[5403]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 61.760155][ T28] kauditd_printk_skb: 39 callbacks suppressed [pid 5403] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5403] ioctl(5, LOOP_SET_FD, 3 [pid 5404] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5402] <... futex resumed>) = 0 [pid 5404] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5402] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5404] <... futex resumed>) = 0 [pid 5402] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5404] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5403] <... ioctl resumed>) = 0 [pid 5404] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5402] <... futex resumed>) = 0 [pid 5404] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5402] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5404] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5402] <... futex resumed>) = 0 [pid 5404] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5402] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5404] <... open resumed>) = 6 [pid 5403] close(3 [pid 5404] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5402] <... futex resumed>) = 0 [pid 5402] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5404] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5402] <... futex resumed>) = 0 [pid 5402] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5403] <... close resumed>) = 0 [pid 5403] mkdir("./file1", 0777) = 0 [pid 5403] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5404] <... write resumed>) = 262144 [pid 5404] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5403] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5402] <... futex resumed>) = 0 [pid 5404] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5403] ioctl(5, LOOP_CLR_FD) = 0 [pid 5403] close(5) = 0 [pid 5403] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5402] exit_group(0 [pid 5404] <... futex resumed>) = ? [pid 5402] <... exit_group resumed>) = ? [pid 5404] +++ exited with 0 +++ [pid 5403] +++ exited with 0 +++ [pid 5402] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5402, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./94", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./94/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./94/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./94/bus") = 0 umount2("./94/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./94/binderfs") = 0 umount2("./94/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./94/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./94/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./94") = 0 mkdir("./95", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5405 ./strace-static-x86_64: Process 5405 attached [pid 5405] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5405] chdir("./95") = 0 [pid 5405] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5405] setpgid(0, 0) = 0 [pid 5405] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5405] write(3, "1000", 4) = 4 [pid 5405] close(3) = 0 [pid 5405] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5405] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5405] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5405] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5405] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [ 61.760167][ T28] audit: type=1800 audit(1693866692.501:96): pid=5404 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 61.768487][ T5403] loop0: detected capacity change from 0 to 512 [ 61.804513][ T5403] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5405] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5405] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5405] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5406 attached => {parent_tid=[5406]}, 88) = 5406 [pid 5405] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5405] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5405] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5405] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5405] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5406] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5406] set_robust_list(0x7f81bb1be9a0, 24 [pid 5405] <... mprotect resumed>) = 0 [pid 5406] <... set_robust_list resumed>) = 0 [pid 5405] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5406] rt_sigprocmask(SIG_SETMASK, [], [pid 5405] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5406] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5405] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5407 attached [pid 5406] memfd_create("syzkaller", 0 [pid 5405] <... clone3 resumed> => {parent_tid=[5407]}, 88) = 5407 [pid 5407] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5405] rt_sigprocmask(SIG_SETMASK, [], [pid 5407] set_robust_list(0x7f81bb19d9a0, 24 [pid 5405] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5407] <... set_robust_list resumed>) = 0 [pid 5405] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5407] rt_sigprocmask(SIG_SETMASK, [], [pid 5405] <... futex resumed>) = 0 [pid 5407] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5405] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5407] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 3 [pid 5407] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5407] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5405] <... futex resumed>) = 0 [pid 5405] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5407] <... futex resumed>) = 0 [pid 5407] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5407] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5407] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5405] <... futex resumed>) = 1 [pid 5405] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5405] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5407] <... futex resumed>) = 0 [pid 5405] <... futex resumed>) = 1 [pid 5407] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 4 [pid 5407] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5407] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5405] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5405] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5407] <... futex resumed>) = 0 [pid 5405] <... futex resumed>) = 1 [pid 5407] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5407] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5407] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5405] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5406] <... memfd_create resumed>) = 5 [pid 5406] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5406] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5406] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5406] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5406] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 5406] close(5) = 0 [pid 5406] mkdir("./file1", 0777) = 0 [ 61.863859][ T5406] syz-executor212[5406]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 61.873557][ T28] audit: type=1800 audit(1693866692.601:97): pid=5407 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 61.901333][ T5406] loop0: detected capacity change from 0 to 512 [pid 5406] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5406] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 5 [pid 5406] chdir("./file1") = 0 [pid 5406] ioctl(6, LOOP_CLR_FD) = 0 [pid 5406] close(6) = 0 [pid 5406] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5406] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5405] exit_group(0) = ? [pid 5407] <... futex resumed>) = ? [pid 5406] <... futex resumed>) = ? [pid 5407] +++ exited with 0 +++ [pid 5406] +++ exited with 0 +++ [pid 5405] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5405, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./95", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./95/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./95/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./95/bus") = 0 umount2("./95/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./95/binderfs") = 0 umount2("./95/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./95/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./95/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./95/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./95") = 0 mkdir("./96", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5410 attached [pid 5410] set_robust_list(0x555556eda6a0, 24 [pid 5024] <... clone resumed>, child_tidptr=0x555556eda690) = 5410 [pid 5410] <... set_robust_list resumed>) = 0 [pid 5410] chdir("./96") = 0 [pid 5410] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5410] setpgid(0, 0) = 0 [pid 5410] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5410] write(3, "1000", 4) = 4 [pid 5410] close(3) = 0 [pid 5410] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5410] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5410] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5410] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5410] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5410] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5410] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5411 attached [pid 5411] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [ 61.918192][ T5406] EXT4-fs (loop0): 1 orphan inode deleted [ 61.924140][ T5406] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/95/file1 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5410] <... clone3 resumed> => {parent_tid=[5411]}, 88) = 5411 [pid 5411] <... rseq resumed>) = 0 [pid 5411] set_robust_list(0x7f81bb1be9a0, 24 [pid 5410] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5410] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5410] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5411] <... set_robust_list resumed>) = 0 [pid 5411] rt_sigprocmask(SIG_SETMASK, [], [pid 5410] <... mprotect resumed>) = 0 [pid 5411] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5410] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5410] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} [pid 5411] memfd_create("syzkaller", 0./strace-static-x86_64: Process 5412 attached [pid 5412] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5412] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5412] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5412] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5410] <... clone3 resumed> => {parent_tid=[5412]}, 88) = 5412 [pid 5410] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5410] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5412] <... futex resumed>) = 0 [pid 5410] <... futex resumed>) = 1 [pid 5412] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5410] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5412] <... open resumed>) = 3 [pid 5411] <... memfd_create resumed>) = 4 [pid 5412] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] <... futex resumed>) = 0 [pid 5410] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5412] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5411] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5410] <... futex resumed>) = 0 [pid 5410] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5412] <... mount resumed>) = 0 [pid 5412] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] <... futex resumed>) = 0 [pid 5412] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5410] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5412] <... open resumed>) = 5 [pid 5412] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] <... futex resumed>) = 0 [pid 5412] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5410] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5412] <... futex resumed>) = 0 [pid 5412] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5412] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5410] <... futex resumed>) = 0 [pid 5412] <... futex resumed>) = 1 [pid 5412] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5411] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5411] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5411] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5411] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 5411] close(4) = 0 [pid 5411] mkdir("./file1", 0777) = 0 [ 61.981241][ T5411] syz-executor212[5411]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 61.984587][ T28] audit: type=1800 audit(1693866692.721:98): pid=5412 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 62.021044][ T5411] loop0: detected capacity change from 0 to 512 [pid 5411] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5411] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5411] chdir("./file1") = 0 [pid 5411] ioctl(6, LOOP_CLR_FD) = 0 [pid 5411] close(6) = 0 [pid 5411] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5410] exit_group(0 [pid 5412] <... futex resumed>) = ? [pid 5410] <... exit_group resumed>) = ? [pid 5412] +++ exited with 0 +++ [pid 5411] <... futex resumed>) = ? [pid 5411] +++ exited with 0 +++ [pid 5410] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5410, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./96", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./96/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./96/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./96/bus") = 0 umount2("./96/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./96/binderfs") = 0 umount2("./96/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./96/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./96/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 62.038062][ T5411] EXT4-fs (loop0): 1 orphan inode deleted [ 62.043955][ T5411] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/96/file1 supports timestamps until 2038-01-19 (0x7fffffff) openat(AT_FDCWD, "./96/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./96/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./96") = 0 mkdir("./97", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5415 attached , child_tidptr=0x555556eda690) = 5415 [pid 5415] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5415] chdir("./97") = 0 [pid 5415] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5415] setpgid(0, 0) = 0 [pid 5415] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5415] write(3, "1000", 4) = 4 [pid 5415] close(3) = 0 [pid 5415] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5415] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5415] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5415] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5415] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5415] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5415] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5415] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5416 attached => {parent_tid=[5416]}, 88) = 5416 [pid 5415] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5416] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5416] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5416] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5416] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5415] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5416] <... futex resumed>) = 0 [pid 5416] memfd_create("syzkaller", 0 [pid 5415] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5415] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5415] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5415] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5415] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5417]}, 88) = 5417 [pid 5415] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5415] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5415] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5417 attached [pid 5417] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5417] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5417] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5417] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5416] <... memfd_create resumed>) = 3 [pid 5416] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5417] <... open resumed>) = 4 [pid 5416] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5417] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5417] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5415] <... futex resumed>) = 0 [pid 5415] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5417] <... futex resumed>) = 0 [pid 5415] <... futex resumed>) = 1 [pid 5417] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5417] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5417] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5415] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5415] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5417] <... futex resumed>) = 0 [pid 5415] <... futex resumed>) = 1 [pid 5417] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5417] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5416] <... write resumed>) = 262144 [pid 5417] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5415] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5415] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5417] <... futex resumed>) = 0 [pid 5415] <... futex resumed>) = 1 [pid 5417] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5416] munmap(0x7f81b2d7d000, 262144 [pid 5417] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5415] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5417] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5415] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5417] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5416] <... munmap resumed>) = 0 [pid 5416] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5416] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5416] close(3) = 0 [pid 5416] mkdir("./file1", 0777) = 0 [ 62.133807][ T5416] syz-executor212[5416]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 62.145291][ T28] audit: type=1800 audit(1693866692.891:99): pid=5417 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 62.170805][ T5416] loop0: detected capacity change from 0 to 512 [pid 5416] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5416] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5416] chdir("./file1") = 0 [pid 5416] ioctl(6, LOOP_CLR_FD) = 0 [pid 5416] close(6) = 0 [pid 5416] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5416] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5415] exit_group(0 [pid 5417] <... futex resumed>) = ? [pid 5416] <... futex resumed>) = ? [pid 5415] <... exit_group resumed>) = ? [pid 5417] +++ exited with 0 +++ [pid 5416] +++ exited with 0 +++ [pid 5415] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5415, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./97", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./97/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./97/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./97/bus") = 0 umount2("./97/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./97/binderfs") = 0 umount2("./97/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./97/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./97/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./97/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./97") = 0 [ 62.188057][ T5416] EXT4-fs (loop0): 1 orphan inode deleted [ 62.193849][ T5416] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/97/file1 supports timestamps until 2038-01-19 (0x7fffffff) mkdir("./98", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5420 attached , child_tidptr=0x555556eda690) = 5420 [pid 5420] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5420] chdir("./98") = 0 [pid 5420] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5420] setpgid(0, 0) = 0 [pid 5420] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5420] write(3, "1000", 4) = 4 [pid 5420] close(3) = 0 [pid 5420] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5420] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5420] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5420] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5420] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5420] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5420] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5420] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0} => {parent_tid=[5421]}, 88) = 5421 ./strace-static-x86_64: Process 5421 attached [pid 5421] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5420] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5420] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5420] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5420] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5421] <... rseq resumed>) = 0 [pid 5421] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5420] <... mmap resumed>) = 0x7f81bb17d000 [pid 5420] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5421] rt_sigprocmask(SIG_SETMASK, [], [pid 5420] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5420] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} [pid 5421] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5421] memfd_create("syzkaller", 0./strace-static-x86_64: Process 5422 attached [pid 5420] <... clone3 resumed> => {parent_tid=[5422]}, 88) = 5422 [pid 5422] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5420] rt_sigprocmask(SIG_SETMASK, [], [pid 5422] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5420] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5422] rt_sigprocmask(SIG_SETMASK, [], [pid 5420] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5422] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5420] <... futex resumed>) = 0 [pid 5422] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5420] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5422] <... open resumed>) = 3 [pid 5421] <... memfd_create resumed>) = 4 [pid 5421] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5421] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5421] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5421] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5421] ioctl(5, LOOP_SET_FD, 4 [pid 5422] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5420] <... futex resumed>) = 0 [pid 5422] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5420] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5422] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5420] <... futex resumed>) = 0 [pid 5422] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5420] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5421] <... ioctl resumed>) = 0 [pid 5422] <... mount resumed>) = 0 [pid 5422] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5421] close(4) = 0 [pid 5420] <... futex resumed>) = 0 [pid 5422] <... futex resumed>) = 1 [pid 5420] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5422] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5420] <... futex resumed>) = 0 [pid 5422] <... open resumed>) = 4 [pid 5421] mkdir("./file1", 0777 [pid 5420] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5422] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5421] <... mkdir resumed>) = 0 [pid 5420] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5422] <... futex resumed>) = 0 [pid 5421] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5420] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5422] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5420] <... futex resumed>) = 0 [ 62.270122][ T5421] syz-executor212[5421]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 62.270952][ T28] audit: type=1800 audit(1693866693.011:100): pid=5422 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 62.302034][ T5421] loop0: detected capacity change from 0 to 512 [pid 5420] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5422] <... write resumed>) = 262144 [pid 5422] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5420] <... futex resumed>) = 0 [pid 5422] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5421] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5421] ioctl(5, LOOP_CLR_FD) = 0 [pid 5421] close(5) = 0 [pid 5421] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5421] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5420] exit_group(0 [pid 5421] <... futex resumed>) = ? [pid 5421] +++ exited with 0 +++ [pid 5422] <... futex resumed>) = ? [pid 5422] +++ exited with 0 +++ [pid 5420] <... exit_group resumed>) = ? [pid 5420] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5420, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./98", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./98/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./98/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./98/bus") = 0 umount2("./98/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./98/binderfs") = 0 umount2("./98/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./98/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./98/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./98") = 0 mkdir("./99", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5425 ./strace-static-x86_64: Process 5425 attached [pid 5425] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5425] chdir("./99") = 0 [pid 5425] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5425] setpgid(0, 0) = 0 [pid 5425] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5425] write(3, "1000", 4) = 4 [pid 5425] close(3) = 0 [pid 5425] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5425] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5425] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5425] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5425] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5425] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5425] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5425] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5426 attached => {parent_tid=[5426]}, 88) = 5426 [pid 5426] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5425] rt_sigprocmask(SIG_SETMASK, [], [pid 5426] <... rseq resumed>) = 0 [pid 5426] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5426] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5426] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5425] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5426] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5425] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5426] memfd_create("syzkaller", 0 [pid 5425] <... futex resumed>) = 0 [ 62.318690][ T5423] EXT4-fs warning (device loop0): kmmpd:168: kmmpd being stopped since MMP feature has been disabled. [ 62.325220][ T5421] EXT4-fs error (device loop0): __ext4_get_inode_loc:4379: comm syz-executor212: Invalid inode table block 0 in block_group 0 [ 62.343363][ T5421] EXT4-fs (loop0): get root inode failed [ 62.349067][ T5421] EXT4-fs (loop0): mount failed [pid 5425] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5425] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5425] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5425] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5425] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5427]}, 88) = 5427 [pid 5425] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5425] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5425] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5427 attached [pid 5426] <... memfd_create resumed>) = 3 [pid 5427] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5426] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5427] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5426] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5427] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5427] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5426] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5427] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5427] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5425] <... futex resumed>) = 0 [pid 5425] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5427] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5427] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5425] <... futex resumed>) = 0 [pid 5427] <... mount resumed>) = 0 [pid 5425] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5426] <... write resumed>) = 262144 [pid 5427] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5426] munmap(0x7f81b2d7d000, 262144 [pid 5427] <... futex resumed>) = 0 [pid 5425] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5427] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5426] <... munmap resumed>) = 0 [pid 5425] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5427] <... open resumed>) = 5 [pid 5425] <... futex resumed>) = 0 [pid 5426] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5427] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5426] <... openat resumed>) = 6 [pid 5425] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5427] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5426] ioctl(6, LOOP_SET_FD, 3 [pid 5425] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5425] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5425] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5427] <... futex resumed>) = 0 [ 62.392337][ T5426] syz-executor212[5426]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 62.405587][ T28] audit: type=1800 audit(1693866693.151:101): pid=5427 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 62.429977][ T5426] loop0: detected capacity change from 0 to 512 [pid 5427] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5426] <... ioctl resumed>) = 0 [pid 5426] close(3) = 0 [pid 5426] mkdir("./file1", 0777) = 0 [pid 5426] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5427] <... write resumed>) = -1 EIO (Input/output error) [pid 5427] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5425] <... futex resumed>) = 0 [pid 5427] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5426] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5426] ioctl(6, LOOP_CLR_FD) = 0 [pid 5426] close(6) = 0 [pid 5426] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5426] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5425] exit_group(0) = ? [pid 5427] <... futex resumed>) = ? [pid 5426] <... futex resumed>) = ? [pid 5427] +++ exited with 0 +++ [pid 5426] +++ exited with 0 +++ [pid 5425] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5425, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./99", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./99/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./99/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./99/bus") = 0 umount2("./99/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./99/binderfs") = 0 umount2("./99/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./99/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./99/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./99") = 0 mkdir("./100", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5428 attached , child_tidptr=0x555556eda690) = 5428 [pid 5428] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5428] chdir("./100") = 0 [pid 5428] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5428] setpgid(0, 0) = 0 [pid 5428] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5428] write(3, "1000", 4) = 4 [pid 5428] close(3) = 0 [pid 5428] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5428] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5428] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5428] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5428] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5428] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5428] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5428] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5429 attached => {parent_tid=[5429]}, 88) = 5429 [pid 5428] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5428] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5428] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5428] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5429] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5429] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5428] <... mmap resumed>) = 0x7f81bb17d000 [ 62.436594][ T5427] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 62.447604][ T5427] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 62.460364][ T5426] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5428] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5429] rt_sigprocmask(SIG_SETMASK, [], [pid 5428] <... mprotect resumed>) = 0 [pid 5428] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5429] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5428] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5428] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5430 attached => {parent_tid=[5430]}, 88) = 5430 [pid 5430] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5428] rt_sigprocmask(SIG_SETMASK, [], [pid 5430] set_robust_list(0x7f81bb19d9a0, 24 [pid 5428] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5430] <... set_robust_list resumed>) = 0 [pid 5428] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5430] rt_sigprocmask(SIG_SETMASK, [], [pid 5428] <... futex resumed>) = 0 [pid 5430] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5428] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5430] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5429] memfd_create("syzkaller", 0 [pid 5430] <... open resumed>) = 3 [pid 5430] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5429] <... memfd_create resumed>) = 4 [pid 5430] <... futex resumed>) = 1 [pid 5430] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5429] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5429] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5429] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5429] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5429] ioctl(5, LOOP_SET_FD, 4 [pid 5428] <... futex resumed>) = 0 [pid 5428] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5428] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5430] <... futex resumed>) = 0 [pid 5430] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5430] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5428] <... futex resumed>) = 0 [pid 5428] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5428] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5430] <... futex resumed>) = 1 [pid 5430] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5430] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5428] <... futex resumed>) = 0 [pid 5428] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5428] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5429] <... ioctl resumed>) = 0 [pid 5429] close(4) = 0 [pid 5429] mkdir("./file1", 0777 [pid 5430] <... futex resumed>) = 1 [pid 5429] <... mkdir resumed>) = 0 [pid 5429] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5430] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 5430] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5428] <... futex resumed>) = 0 [ 62.504671][ T5429] syz-executor212[5429]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 62.505327][ T28] audit: type=1800 audit(1693866693.251:102): pid=5430 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 62.533049][ T5429] loop0: detected capacity change from 0 to 512 [pid 5430] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5429] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5429] ioctl(5, LOOP_CLR_FD) = 0 [pid 5429] close(5) = 0 [pid 5429] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5429] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5428] exit_group(0 [pid 5430] <... futex resumed>) = ? [pid 5429] <... futex resumed>) = ? [pid 5428] <... exit_group resumed>) = ? [pid 5430] +++ exited with 0 +++ [pid 5429] +++ exited with 0 +++ [pid 5428] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5428, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./100", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./100/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./100/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./100/bus") = 0 umount2("./100/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./100/binderfs") = 0 umount2("./100/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./100/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./100/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./100") = 0 mkdir("./101", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5431 ./strace-static-x86_64: Process 5431 attached [pid 5431] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5431] chdir("./101") = 0 [pid 5431] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5431] setpgid(0, 0) = 0 [pid 5431] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5431] write(3, "1000", 4) = 4 [pid 5431] close(3) = 0 [pid 5431] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5431] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5431] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5431] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5431] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5431] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5431] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5432 attached [ 62.565169][ T5429] EXT4-fs warning (device loop0): read_mmp_block:115: Error -117 while reading MMP block 8 [pid 5432] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5432] set_robust_list(0x7f81bb1be9a0, 24 [pid 5431] <... clone3 resumed> => {parent_tid=[5432]}, 88) = 5432 [pid 5432] <... set_robust_list resumed>) = 0 [pid 5431] rt_sigprocmask(SIG_SETMASK, [], [pid 5432] rt_sigprocmask(SIG_SETMASK, [], [pid 5431] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5432] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5431] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5432] memfd_create("syzkaller", 0 [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5431] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5431] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5431] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5433]}, 88) = 5433 [pid 5431] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5431] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5433 attached [pid 5433] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5433] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5433] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5433] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 3 [pid 5432] <... memfd_create resumed>) = 4 [pid 5433] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5432] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5433] <... futex resumed>) = 1 [pid 5433] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5432] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5433] <... futex resumed>) = 0 [pid 5431] <... futex resumed>) = 1 [pid 5433] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5433] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5432] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5433] <... futex resumed>) = 0 [pid 5432] <... write resumed>) = 262144 [pid 5431] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5433] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5432] munmap(0x7f81b2d7d000, 262144 [pid 5431] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5432] <... munmap resumed>) = 0 [pid 5431] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5432] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5433] <... futex resumed>) = 0 [pid 5431] <... futex resumed>) = 1 [pid 5433] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5432] <... openat resumed>) = 5 [pid 5433] <... open resumed>) = 6 [pid 5431] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] ioctl(5, LOOP_SET_FD, 4 [pid 5433] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5431] <... futex resumed>) = 0 [pid 5433] <... futex resumed>) = 1 [ 62.626995][ T5432] syz-executor212[5432]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 62.630295][ T28] audit: type=1800 audit(1693866693.371:103): pid=5433 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [pid 5431] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5433] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5431] <... futex resumed>) = 0 [pid 5433] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5432] <... ioctl resumed>) = 0 [pid 5431] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5433] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5431] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5433] <... futex resumed>) = 0 [pid 5433] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5432] close(4) = 0 [pid 5432] mkdir("./file1", 0777) = 0 [ 62.675250][ T5432] loop0: detected capacity change from 0 to 512 [pid 5432] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5432] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5432] chdir("./file1") = 0 [pid 5432] ioctl(5, LOOP_CLR_FD) = 0 [pid 5432] close(5) = 0 [pid 5432] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5431] exit_group(0) = ? [pid 5432] <... futex resumed>) = ? [pid 5433] <... futex resumed>) = ? [pid 5432] +++ exited with 0 +++ [pid 5433] +++ exited with 0 +++ [pid 5431] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5431, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./101", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./101/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./101/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./101/bus") = 0 umount2("./101/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./101/binderfs") = 0 umount2("./101/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./101/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./101/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./101/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./101") = 0 mkdir("./102", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 62.697764][ T5432] EXT4-fs (loop0): 1 orphan inode deleted [ 62.703537][ T5432] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/101/file1 supports timestamps until 2038-01-19 (0x7fffffff) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5436 ./strace-static-x86_64: Process 5436 attached [pid 5436] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5436] chdir("./102") = 0 [pid 5436] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5436] setpgid(0, 0) = 0 [pid 5436] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5436] write(3, "1000", 4) = 4 [pid 5436] close(3) = 0 [pid 5436] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5436] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5436] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5436] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5436] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5436] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5436] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5436] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5437 attached [pid 5437] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5436] <... clone3 resumed> => {parent_tid=[5437]}, 88) = 5437 [pid 5437] <... rseq resumed>) = 0 [pid 5436] rt_sigprocmask(SIG_SETMASK, [], [pid 5437] set_robust_list(0x7f81bb1be9a0, 24 [pid 5436] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5437] <... set_robust_list resumed>) = 0 [pid 5436] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5437] rt_sigprocmask(SIG_SETMASK, [], [pid 5436] <... futex resumed>) = 0 [pid 5437] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5436] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5437] memfd_create("syzkaller", 0 [pid 5436] <... futex resumed>) = 0 [pid 5436] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5436] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5436] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5436] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5438 attached [pid 5438] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5438] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5436] <... clone3 resumed> => {parent_tid=[5438]}, 88) = 5438 [pid 5438] rt_sigprocmask(SIG_SETMASK, [], [pid 5436] rt_sigprocmask(SIG_SETMASK, [], [pid 5438] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5436] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5438] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5437] <... memfd_create resumed>) = 3 [pid 5437] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5436] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5438] <... futex resumed>) = 0 [pid 5436] <... futex resumed>) = 1 [pid 5438] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5436] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5438] <... open resumed>) = 4 [pid 5438] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5437] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5436] <... futex resumed>) = 0 [pid 5436] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5436] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5438] <... futex resumed>) = 1 [pid 5438] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5438] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5436] <... futex resumed>) = 0 [pid 5436] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5436] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5438] <... futex resumed>) = 1 [pid 5438] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5438] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5436] <... futex resumed>) = 0 [pid 5436] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5438] <... futex resumed>) = 1 [pid 5436] <... futex resumed>) = 0 [pid 5438] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5436] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5438] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5438] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5436] <... futex resumed>) = 0 [pid 5438] <... futex resumed>) = 1 [pid 5438] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5437] <... write resumed>) = 262144 [pid 5437] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5437] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5437] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5437] close(3) = 0 [pid 5437] mkdir("./file1", 0777) = 0 [ 62.771480][ T5437] syz-executor212[5437]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 62.783355][ T28] audit: type=1800 audit(1693866693.521:104): pid=5438 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 62.810313][ T5437] loop0: detected capacity change from 0 to 512 [pid 5437] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5437] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5437] chdir("./file1") = 0 [pid 5437] ioctl(6, LOOP_CLR_FD) = 0 [pid 5437] close(6) = 0 [pid 5437] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5437] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5436] exit_group(0 [pid 5438] <... futex resumed>) = ? [pid 5437] <... futex resumed>) = ? [pid 5436] <... exit_group resumed>) = ? [pid 5437] +++ exited with 0 +++ [pid 5438] +++ exited with 0 +++ [pid 5436] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5436, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./102", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./102/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./102/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./102/bus") = 0 umount2("./102/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./102/binderfs") = 0 umount2("./102/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./102/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./102/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./102/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./102") = 0 mkdir("./103", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5441 ./strace-static-x86_64: Process 5441 attached [pid 5441] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5441] chdir("./103") = 0 [pid 5441] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5441] setpgid(0, 0) = 0 [pid 5441] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5441] write(3, "1000", 4) = 4 [ 62.827797][ T5437] EXT4-fs (loop0): 1 orphan inode deleted [ 62.833755][ T5437] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/102/file1 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5441] close(3) = 0 [pid 5441] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5441] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5441] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5441] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5441] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5441] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5441] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5441] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5442 attached => {parent_tid=[5442]}, 88) = 5442 [pid 5442] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5441] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5442] <... rseq resumed>) = 0 [pid 5442] set_robust_list(0x7f81bb1be9a0, 24 [pid 5441] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5442] <... set_robust_list resumed>) = 0 [pid 5441] <... futex resumed>) = 0 [pid 5441] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5442] rt_sigprocmask(SIG_SETMASK, [], [pid 5441] <... futex resumed>) = 0 [pid 5442] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5441] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5442] memfd_create("syzkaller", 0 [pid 5441] <... mmap resumed>) = 0x7f81bb17d000 [pid 5442] <... memfd_create resumed>) = 3 [pid 5441] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5442] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5441] <... mprotect resumed>) = 0 [pid 5442] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5441] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5441] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} [pid 5442] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5441] <... clone3 resumed> => {parent_tid=[5443]}, 88) = 5443 [pid 5441] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5441] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5441] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5443 attached [pid 5443] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5443] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5442] <... write resumed>) = 262144 [pid 5443] rt_sigprocmask(SIG_SETMASK, [], [pid 5442] munmap(0x7f81b2d7d000, 262144 [pid 5443] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5442] <... munmap resumed>) = 0 [pid 5443] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5442] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5443] <... open resumed>) = 5 [pid 5442] ioctl(4, LOOP_SET_FD, 3 [pid 5443] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5443] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5441] <... futex resumed>) = 0 [pid 5441] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5443] <... futex resumed>) = 0 [pid 5441] <... futex resumed>) = 1 [pid 5443] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5441] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5443] <... mount resumed>) = 0 [pid 5443] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5441] <... futex resumed>) = 0 [ 62.897256][ T5442] syz-executor212[5442]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 62.923162][ T28] audit: type=1800 audit(1693866693.661:105): pid=5443 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [pid 5443] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5441] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5443] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5441] <... futex resumed>) = 0 [pid 5443] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5441] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5443] <... open resumed>) = 6 [pid 5443] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5442] <... ioctl resumed>) = 0 [pid 5443] <... futex resumed>) = 1 [pid 5441] <... futex resumed>) = 0 [pid 5443] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5442] close(3 [pid 5441] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5443] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5442] <... close resumed>) = 0 [pid 5441] <... futex resumed>) = 0 [pid 5443] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5442] mkdir("./file1", 0777 [pid 5441] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5443] <... write resumed>) = 262144 [pid 5443] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5441] <... futex resumed>) = 0 [pid 5442] <... mkdir resumed>) = 0 [pid 5443] <... futex resumed>) = 1 [pid 5442] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5443] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5442] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5442] ioctl(4, LOOP_CLR_FD) = 0 [pid 5442] close(4) = 0 [pid 5442] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5442] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5441] exit_group(0 [pid 5443] <... futex resumed>) = ? [pid 5442] <... futex resumed>) = ? [pid 5441] <... exit_group resumed>) = ? [pid 5443] +++ exited with 0 +++ [pid 5442] +++ exited with 0 +++ [pid 5441] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5441, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./103", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./103/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./103/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./103/bus") = 0 umount2("./103/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./103/binderfs") = 0 umount2("./103/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./103/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./103/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./103") = 0 mkdir("./104", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5444 attached , child_tidptr=0x555556eda690) = 5444 [pid 5444] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5444] chdir("./104") = 0 [pid 5444] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5444] setpgid(0, 0) = 0 [pid 5444] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5444] write(3, "1000", 4) = 4 [pid 5444] close(3) = 0 [pid 5444] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5444] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5444] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5444] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5444] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5444] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5444] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5444] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0} => {parent_tid=[5445]}, 88) = 5445 [pid 5444] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5444] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5444] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5444] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 ./strace-static-x86_64: Process 5445 attached [pid 5444] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5445] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5444] <... mprotect resumed>) = 0 [pid 5445] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5445] rt_sigprocmask(SIG_SETMASK, [], [pid 5444] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5445] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5444] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5444] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} [pid 5445] memfd_create("syzkaller", 0) = 3 ./strace-static-x86_64: Process 5446 attached [pid 5445] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5446] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5444] <... clone3 resumed> => {parent_tid=[5446]}, 88) = 5446 [pid 5446] <... rseq resumed>) = 0 [pid 5445] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5446] set_robust_list(0x7f81bb19d9a0, 24 [pid 5444] rt_sigprocmask(SIG_SETMASK, [], [pid 5446] <... set_robust_list resumed>) = 0 [ 62.923368][ T5442] loop0: detected capacity change from 0 to 512 [ 62.958764][ T5442] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5446] rt_sigprocmask(SIG_SETMASK, [], [pid 5444] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5446] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5444] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5446] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5444] <... futex resumed>) = 0 [pid 5446] <... open resumed>) = 4 [pid 5445] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5444] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5446] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5444] <... futex resumed>) = 0 [pid 5444] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5444] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5446] <... futex resumed>) = 1 [pid 5446] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5446] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5444] <... futex resumed>) = 0 [pid 5444] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5444] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5446] <... futex resumed>) = 1 [pid 5446] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5446] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5444] <... futex resumed>) = 0 [pid 5444] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5446] <... futex resumed>) = 1 [pid 5444] <... futex resumed>) = 0 [pid 5446] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5444] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5446] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5446] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5444] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5445] <... write resumed>) = 262144 [pid 5445] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5445] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5445] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5445] close(3) = 0 [pid 5445] mkdir("./file1", 0777) = 0 [pid 5445] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5445] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5445] chdir("./file1") = 0 [pid 5445] ioctl(6, LOOP_CLR_FD) = 0 [pid 5445] close(6) = 0 [pid 5445] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5444] exit_group(0 [pid 5446] <... futex resumed>) = ? [pid 5444] <... exit_group resumed>) = ? [pid 5446] +++ exited with 0 +++ [pid 5445] +++ exited with 0 +++ [pid 5444] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5444, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./104", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./104/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./104/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./104/bus") = 0 umount2("./104/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./104/binderfs") = 0 umount2("./104/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./104/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./104/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./104/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./104") = 0 mkdir("./105", 0777) = 0 [ 63.023792][ T5445] loop0: detected capacity change from 0 to 512 [ 63.051406][ T5445] EXT4-fs (loop0): 1 orphan inode deleted [ 63.057678][ T5445] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/104/file1 supports timestamps until 2038-01-19 (0x7fffffff) openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5449 ./strace-static-x86_64: Process 5449 attached [pid 5449] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5449] chdir("./105") = 0 [pid 5449] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5449] setpgid(0, 0) = 0 [pid 5449] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5449] write(3, "1000", 4) = 4 [pid 5449] close(3) = 0 [pid 5449] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5449] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5449] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5449] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5449] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5449] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5449] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5449] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5450 attached => {parent_tid=[5450]}, 88) = 5450 [pid 5449] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5449] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5449] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5449] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5450] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5449] <... mmap resumed>) = 0x7f81bb17d000 [pid 5449] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5450] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5449] <... mprotect resumed>) = 0 [pid 5450] rt_sigprocmask(SIG_SETMASK, [], [pid 5449] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5450] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5449] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} [pid 5450] memfd_create("syzkaller", 0./strace-static-x86_64: Process 5451 attached [pid 5449] <... clone3 resumed> => {parent_tid=[5451]}, 88) = 5451 [pid 5451] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5449] rt_sigprocmask(SIG_SETMASK, [], [pid 5451] set_robust_list(0x7f81bb19d9a0, 24 [pid 5449] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5451] <... set_robust_list resumed>) = 0 [pid 5450] <... memfd_create resumed>) = 3 [pid 5451] rt_sigprocmask(SIG_SETMASK, [], [pid 5449] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5451] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5449] <... futex resumed>) = 0 [pid 5451] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5450] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5449] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5451] <... open resumed>) = 4 [pid 5450] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5451] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5449] <... futex resumed>) = 0 [pid 5449] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5449] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5451] <... futex resumed>) = 1 [pid 5451] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5451] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5449] <... futex resumed>) = 0 [pid 5449] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5450] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5449] <... futex resumed>) = 0 [pid 5449] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5451] <... futex resumed>) = 1 [pid 5451] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5451] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5449] <... futex resumed>) = 0 [pid 5449] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5449] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5451] <... futex resumed>) = 1 [pid 5451] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5451] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5449] <... futex resumed>) = 0 [pid 5451] <... futex resumed>) = 1 [pid 5451] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5450] <... write resumed>) = 262144 [pid 5450] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5450] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5450] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5450] close(3) = 0 [pid 5450] mkdir("./file1", 0777) = 0 [pid 5450] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5450] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5450] chdir("./file1") = 0 [pid 5450] ioctl(6, LOOP_CLR_FD) = 0 [pid 5450] close(6) = 0 [pid 5450] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5450] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5449] exit_group(0) = ? [pid 5451] <... futex resumed>) = ? [pid 5450] <... futex resumed>) = ? [pid 5451] +++ exited with 0 +++ [pid 5450] +++ exited with 0 +++ [pid 5449] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5449, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./105", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./105/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./105/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./105/bus") = 0 umount2("./105/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./105/binderfs") = 0 umount2("./105/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./105/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./105/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./105/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./105") = 0 [ 63.140867][ T5450] loop0: detected capacity change from 0 to 512 [ 63.157714][ T5450] EXT4-fs (loop0): 1 orphan inode deleted [ 63.163672][ T5450] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/105/file1 supports timestamps until 2038-01-19 (0x7fffffff) mkdir("./106", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5454 attached , child_tidptr=0x555556eda690) = 5454 [pid 5454] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5454] chdir("./106") = 0 [pid 5454] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5454] setpgid(0, 0) = 0 [pid 5454] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5454] write(3, "1000", 4) = 4 [pid 5454] close(3) = 0 [pid 5454] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5454] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5454] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5454] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5454] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5454] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5454] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5454] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0} => {parent_tid=[5455]}, 88) = 5455 ./strace-static-x86_64: Process 5455 attached [pid 5455] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5454] rt_sigprocmask(SIG_SETMASK, [], [pid 5455] <... rseq resumed>) = 0 [pid 5455] set_robust_list(0x7f81bb1be9a0, 24 [pid 5454] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5455] <... set_robust_list resumed>) = 0 [pid 5454] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5454] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5454] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5454] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5455] rt_sigprocmask(SIG_SETMASK, [], [pid 5454] <... mprotect resumed>) = 0 [pid 5455] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5455] memfd_create("syzkaller", 0) = 3 [pid 5455] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5454] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5455] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5454] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5456 attached => {parent_tid=[5456]}, 88) = 5456 [pid 5454] rt_sigprocmask(SIG_SETMASK, [], [pid 5456] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5454] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5454] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5456] <... rseq resumed>) = 0 [pid 5454] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5456] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5456] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5456] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5456] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5455] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5454] <... futex resumed>) = 0 [pid 5456] <... futex resumed>) = 1 [pid 5456] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5454] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5455] munmap(0x7f81b2d7d000, 262144 [pid 5456] <... mount resumed>) = 0 [pid 5454] <... futex resumed>) = 0 [pid 5455] <... munmap resumed>) = 0 [pid 5454] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5456] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5455] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5456] <... futex resumed>) = 1 [pid 5454] <... futex resumed>) = 0 [pid 5456] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5454] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5456] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5454] <... futex resumed>) = 0 [pid 5456] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5454] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5455] <... openat resumed>) = 5 [pid 5456] <... open resumed>) = 6 [pid 5455] ioctl(5, LOOP_SET_FD, 3 [pid 5456] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5454] <... futex resumed>) = 0 [pid 5455] <... ioctl resumed>) = 0 [pid 5456] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5455] close(3 [pid 5454] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5455] <... close resumed>) = 0 [pid 5454] <... futex resumed>) = 0 [pid 5455] mkdir("./file1", 0777 [pid 5454] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5455] <... mkdir resumed>) = 0 [pid 5455] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5456] <... write resumed>) = 262144 [pid 5456] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5454] <... futex resumed>) = 0 [pid 5456] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5455] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5455] ioctl(5, LOOP_CLR_FD) = 0 [pid 5455] close(5) = 0 [pid 5455] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5454] exit_group(0 [pid 5456] <... futex resumed>) = ? [pid 5454] <... exit_group resumed>) = ? [pid 5456] +++ exited with 0 +++ [pid 5455] +++ exited with 0 +++ [pid 5454] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5454, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./106", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./106/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./106/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./106/bus") = 0 umount2("./106/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./106/binderfs") = 0 umount2("./106/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./106/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./106/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./106") = 0 mkdir("./107", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5457 attached [pid 5457] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5457] chdir("./107") = 0 [pid 5457] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5024] <... clone resumed>, child_tidptr=0x555556eda690) = 5457 [pid 5457] <... prctl resumed>) = 0 [pid 5457] setpgid(0, 0) = 0 [pid 5457] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5457] write(3, "1000", 4) = 4 [pid 5457] close(3) = 0 [pid 5457] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5457] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5457] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5457] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5457] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5457] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5457] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5457] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5458 attached [pid 5458] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5457] <... clone3 resumed> => {parent_tid=[5458]}, 88) = 5458 [pid 5458] set_robust_list(0x7f81bb1be9a0, 24 [pid 5457] rt_sigprocmask(SIG_SETMASK, [], [pid 5458] <... set_robust_list resumed>) = 0 [pid 5457] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5458] rt_sigprocmask(SIG_SETMASK, [], [pid 5457] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5458] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5457] <... futex resumed>) = 0 [pid 5458] memfd_create("syzkaller", 0 [pid 5457] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5457] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5458] <... memfd_create resumed>) = 3 [pid 5458] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5457] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5458] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5457] <... mprotect resumed>) = 0 [pid 5457] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5458] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5457] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5457] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5459]}, 88) = 5459 [pid 5457] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5459 attached NULL, 8) = 0 [pid 5457] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5457] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5459] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5459] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5459] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5458] <... write resumed>) = 262144 [pid 5458] munmap(0x7f81b2d7d000, 262144 [pid 5459] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5458] <... munmap resumed>) = 0 [pid 5458] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [ 63.250657][ T5455] loop0: detected capacity change from 0 to 512 [ 63.264359][ T5455] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5458] ioctl(5, LOOP_SET_FD, 3 [pid 5459] <... open resumed>) = 4 [pid 5459] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5459] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5457] <... futex resumed>) = 0 [pid 5457] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5459] <... futex resumed>) = 0 [pid 5457] <... futex resumed>) = 1 [pid 5459] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5457] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5459] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5457] <... futex resumed>) = 0 [pid 5457] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5459] <... futex resumed>) = 1 [pid 5457] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5459] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5459] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5457] <... futex resumed>) = 0 [pid 5457] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5459] <... futex resumed>) = 1 [pid 5457] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5459] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5458] <... ioctl resumed>) = 0 [pid 5458] close(3) = 0 [pid 5458] mkdir("./file1", 0777) = 0 [pid 5458] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5459] <... write resumed>) = 262144 [pid 5459] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5459] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5457] <... futex resumed>) = 0 [pid 5458] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5458] ioctl(5, LOOP_CLR_FD) = 0 [pid 5458] close(5) = 0 [pid 5458] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5457] exit_group(0) = ? [pid 5459] <... futex resumed>) = ? [pid 5459] +++ exited with 0 +++ [pid 5458] <... futex resumed>) = ? [pid 5458] +++ exited with 0 +++ [pid 5457] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5457, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./107", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./107/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./107/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./107/bus") = 0 umount2("./107/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./107/binderfs") = 0 umount2("./107/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./107/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./107/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./107") = 0 mkdir("./108", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5460 attached , child_tidptr=0x555556eda690) = 5460 [pid 5460] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5460] chdir("./108") = 0 [pid 5460] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5460] setpgid(0, 0) = 0 [pid 5460] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5460] write(3, "1000", 4) = 4 [pid 5460] close(3) = 0 [pid 5460] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5460] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5460] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5460] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5460] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5460] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5460] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5460] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5461 attached [pid 5461] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5461] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5461] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5461] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5460] <... clone3 resumed> => {parent_tid=[5461]}, 88) = 5461 [pid 5460] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5460] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5461] <... futex resumed>) = 0 [pid 5460] <... futex resumed>) = 1 [pid 5461] memfd_create("syzkaller", 0 [pid 5460] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5461] <... memfd_create resumed>) = 3 [ 63.306962][ T5458] loop0: detected capacity change from 0 to 512 [ 63.320559][ T5458] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5461] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d9e000 [pid 5460] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5461] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5460] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5460] mprotect(0x7f81b2d7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5460] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5460] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81b2d9d990, parent_tid=0x7f81b2d9d990, exit_signal=0, stack=0x7f81b2d7d000, stack_size=0x20300, tls=0x7f81b2d9d6c0}./strace-static-x86_64: Process 5462 attached [pid 5462] rseq(0x7f81b2d9dfe0, 0x20, 0, 0x53053053) = 0 [pid 5462] set_robust_list(0x7f81b2d9d9a0, 24) = 0 [pid 5462] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5462] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5461] <... write resumed>) = 262144 [pid 5460] <... clone3 resumed> => {parent_tid=[5462]}, 88) = 5462 [pid 5461] munmap(0x7f81b2d9e000, 262144 [pid 5460] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5460] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5462] <... futex resumed>) = 0 [pid 5460] <... futex resumed>) = 1 [pid 5462] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5460] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5462] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5461] <... munmap resumed>) = 0 [pid 5460] <... futex resumed>) = 0 [pid 5460] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5460] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5462] <... futex resumed>) = 1 [pid 5462] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5462] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5460] <... futex resumed>) = 0 [pid 5460] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5460] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5461] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5462] <... futex resumed>) = 1 [pid 5461] ioctl(5, LOOP_SET_FD, 3 [pid 5462] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5462] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5460] <... futex resumed>) = 0 [pid 5460] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5460] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5462] <... futex resumed>) = 1 [pid 5462] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5461] <... ioctl resumed>) = 0 [pid 5461] close(3) = 0 [pid 5461] mkdir("./file1", 0777) = 0 [pid 5461] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5462] <... write resumed>) = -1 EIO (Input/output error) [pid 5462] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5460] <... futex resumed>) = 0 [pid 5462] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5461] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5461] ioctl(5, LOOP_CLR_FD) = 0 [pid 5461] close(5) = 0 [pid 5461] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5461] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5460] exit_group(0 [pid 5462] <... futex resumed>) = ? [pid 5461] <... futex resumed>) = ? [pid 5460] <... exit_group resumed>) = ? [pid 5462] +++ exited with 0 +++ [pid 5461] +++ exited with 0 +++ [pid 5460] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5460, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./108", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./108/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./108/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./108/bus") = 0 umount2("./108/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./108/binderfs") = 0 umount2("./108/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./108/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./108/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./108") = 0 mkdir("./109", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5463 attached , child_tidptr=0x555556eda690) = 5463 [pid 5463] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5463] chdir("./109") = 0 [pid 5463] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5463] setpgid(0, 0) = 0 [pid 5463] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5463] write(3, "1000", 4) = 4 [pid 5463] close(3) = 0 [pid 5463] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5463] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5463] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5463] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5463] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5463] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5463] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5463] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5464 attached => {parent_tid=[5464]}, 88) = 5464 [pid 5463] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5463] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5463] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5463] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5464] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5463] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5464] <... rseq resumed>) = 0 [pid 5463] <... mprotect resumed>) = 0 [pid 5464] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5464] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5463] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5463] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} [pid 5464] memfd_create("syzkaller", 0) = 3 ./strace-static-x86_64: Process 5465 attached [pid 5464] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5463] <... clone3 resumed> => {parent_tid=[5465]}, 88) = 5465 [pid 5465] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5464] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5465] <... rseq resumed>) = 0 [pid 5464] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5463] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5463] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5463] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5465] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5464] <... write resumed>) = 262144 [pid 5465] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5464] munmap(0x7f81b2d7d000, 262144 [pid 5465] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5465] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5463] <... futex resumed>) = 0 [pid 5465] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5463] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5465] <... futex resumed>) = 0 [pid 5463] <... futex resumed>) = 1 [pid 5465] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5464] <... munmap resumed>) = 0 [pid 5465] <... mount resumed>) = 0 [pid 5463] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5465] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5463] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5465] <... futex resumed>) = 0 [pid 5463] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5465] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5463] <... futex resumed>) = 0 [ 63.375624][ T5461] loop0: detected capacity change from 0 to 512 [ 63.380138][ T5462] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 63.391671][ T5462] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 63.403300][ T5461] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5465] <... open resumed>) = 5 [pid 5464] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5463] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5465] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5464] <... openat resumed>) = 6 [pid 5465] <... futex resumed>) = 0 [pid 5463] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5465] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5464] ioctl(6, LOOP_SET_FD, 3 [pid 5463] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5465] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5463] <... futex resumed>) = 0 [pid 5463] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5465] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5464] <... ioctl resumed>) = 0 [pid 5464] close(3) = 0 [pid 5464] mkdir("./file1", 0777) = 0 [pid 5464] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5465] <... write resumed>) = -1 EIO (Input/output error) [pid 5465] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5463] <... futex resumed>) = 0 [pid 5465] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5464] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5464] ioctl(6, LOOP_CLR_FD) = 0 [pid 5464] close(6) = 0 [pid 5464] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5464] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5463] exit_group(0 [pid 5464] <... futex resumed>) = ? [pid 5463] <... exit_group resumed>) = ? [pid 5464] +++ exited with 0 +++ [pid 5465] <... futex resumed>) = ? [pid 5465] +++ exited with 0 +++ [pid 5463] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5463, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./109", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./109/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./109/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./109/bus") = 0 umount2("./109/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./109/binderfs") = 0 umount2("./109/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./109/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./109/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./109") = 0 mkdir("./110", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5466 attached , child_tidptr=0x555556eda690) = 5466 [pid 5466] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5466] chdir("./110") = 0 [pid 5466] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5466] setpgid(0, 0) = 0 [pid 5466] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5466] write(3, "1000", 4) = 4 [pid 5466] close(3) = 0 [pid 5466] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5466] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5466] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5466] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5466] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5466] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5466] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5466] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5467 attached [pid 5467] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5467] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5467] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5467] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5466] <... clone3 resumed> => {parent_tid=[5467]}, 88) = 5467 [pid 5466] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5466] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5467] <... futex resumed>) = 0 [pid 5466] <... futex resumed>) = 1 [pid 5467] memfd_create("syzkaller", 0 [pid 5466] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5466] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5467] <... memfd_create resumed>) = 3 [pid 5466] <... mmap resumed>) = 0x7f81bb17d000 [ 63.457256][ T5464] loop0: detected capacity change from 0 to 512 [ 63.461804][ T5465] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 63.474575][ T5465] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 63.488464][ T5464] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5467] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5466] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5466] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5466] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5468 attached [pid 5467] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5468] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5466] <... clone3 resumed> => {parent_tid=[5468]}, 88) = 5468 [pid 5466] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5466] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5466] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5468] <... rseq resumed>) = 0 [pid 5468] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5467] <... write resumed>) = 262144 [pid 5467] munmap(0x7f81b2d7d000, 262144 [pid 5468] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5468] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5467] <... munmap resumed>) = 0 [pid 5467] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5467] ioctl(5, LOOP_SET_FD, 3 [pid 5468] <... open resumed>) = 4 [pid 5468] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5468] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5466] <... futex resumed>) = 0 [pid 5466] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5466] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5468] <... futex resumed>) = 0 [pid 5468] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5468] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5468] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5466] <... futex resumed>) = 0 [pid 5466] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5466] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5468] <... futex resumed>) = 0 [pid 5468] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5468] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5468] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5466] <... futex resumed>) = 0 [pid 5466] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5466] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5468] <... futex resumed>) = 0 [pid 5468] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5467] <... ioctl resumed>) = 0 [pid 5467] close(3) = 0 [pid 5467] mkdir("./file1", 0777) = 0 [pid 5467] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5468] <... write resumed>) = 262144 [pid 5468] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5468] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5466] <... futex resumed>) = 0 [pid 5467] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5467] ioctl(5, LOOP_CLR_FD) = 0 [pid 5467] close(5) = 0 [pid 5467] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5467] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5466] exit_group(0 [pid 5467] <... futex resumed>) = ? [pid 5468] <... futex resumed>) = ? [pid 5466] <... exit_group resumed>) = ? [pid 5467] +++ exited with 0 +++ [pid 5468] +++ exited with 0 +++ [pid 5466] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5466, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./110", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./110/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./110/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./110/bus") = 0 umount2("./110/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./110/binderfs") = 0 umount2("./110/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./110/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./110/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./110") = 0 mkdir("./111", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5469 attached , child_tidptr=0x555556eda690) = 5469 [pid 5469] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5469] chdir("./111") = 0 [pid 5469] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5469] setpgid(0, 0) = 0 [pid 5469] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5469] write(3, "1000", 4) = 4 [pid 5469] close(3) = 0 [pid 5469] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5469] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5469] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5469] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5469] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5469] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5469] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5469] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5470 attached [pid 5470] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5469] <... clone3 resumed> => {parent_tid=[5470]}, 88) = 5470 [pid 5470] <... rseq resumed>) = 0 [pid 5469] rt_sigprocmask(SIG_SETMASK, [], [pid 5470] set_robust_list(0x7f81bb1be9a0, 24 [pid 5469] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5470] <... set_robust_list resumed>) = 0 [pid 5469] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5470] rt_sigprocmask(SIG_SETMASK, [], [pid 5469] <... futex resumed>) = 0 [pid 5470] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5469] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5470] memfd_create("syzkaller", 0 [pid 5469] <... futex resumed>) = 0 [pid 5469] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5469] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5470] <... memfd_create resumed>) = 3 [pid 5470] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5469] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5469] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5471 attached [pid 5470] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5469] <... clone3 resumed> => {parent_tid=[5471]}, 88) = 5471 [pid 5469] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5469] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5469] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5471] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5471] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5471] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5471] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5470] <... write resumed>) = 262144 [ 63.542281][ T5467] loop0: detected capacity change from 0 to 512 [ 63.557237][ T5467] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5470] munmap(0x7f81b2d7d000, 262144 [pid 5471] <... open resumed>) = 4 [pid 5470] <... munmap resumed>) = 0 [pid 5471] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5470] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5469] <... futex resumed>) = 0 [pid 5471] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5469] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5471] <... futex resumed>) = 0 [pid 5469] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5471] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5470] <... openat resumed>) = 5 [pid 5471] <... mount resumed>) = 0 [pid 5471] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5470] ioctl(5, LOOP_SET_FD, 3 [pid 5471] <... futex resumed>) = 1 [pid 5469] <... futex resumed>) = 0 [pid 5471] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5469] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5471] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5469] <... futex resumed>) = 0 [pid 5469] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5471] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5471] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5471] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5469] <... futex resumed>) = 0 [pid 5469] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5470] <... ioctl resumed>) = 0 [pid 5470] close(3) = 0 [pid 5469] <... futex resumed>) = 1 [pid 5470] mkdir("./file1", 0777 [pid 5469] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5471] <... futex resumed>) = 0 [pid 5471] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5470] <... mkdir resumed>) = 0 [pid 5470] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5471] <... write resumed>) = 262144 [pid 5471] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5471] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5469] <... futex resumed>) = 0 [pid 5470] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5470] ioctl(5, LOOP_CLR_FD) = 0 [pid 5470] close(5) = 0 [pid 5470] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5470] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5469] exit_group(0 [pid 5471] <... futex resumed>) = ? [pid 5469] <... exit_group resumed>) = ? [pid 5471] +++ exited with 0 +++ [pid 5470] <... futex resumed>) = ? [pid 5470] +++ exited with 0 +++ [pid 5469] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5469, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./111", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./111/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./111/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./111/bus") = 0 umount2("./111/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./111/binderfs") = 0 umount2("./111/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./111/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./111/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./111") = 0 mkdir("./112", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5472 attached , child_tidptr=0x555556eda690) = 5472 [pid 5472] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5472] chdir("./112") = 0 [pid 5472] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5472] setpgid(0, 0) = 0 [pid 5472] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5472] write(3, "1000", 4) = 4 [pid 5472] close(3) = 0 [pid 5472] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5472] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5472] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5472] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5472] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5472] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5472] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5472] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5473 attached [pid 5473] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5472] <... clone3 resumed> => {parent_tid=[5473]}, 88) = 5473 [pid 5473] <... rseq resumed>) = 0 [pid 5472] rt_sigprocmask(SIG_SETMASK, [], [pid 5473] set_robust_list(0x7f81bb1be9a0, 24 [pid 5472] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5473] <... set_robust_list resumed>) = 0 [pid 5472] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5473] rt_sigprocmask(SIG_SETMASK, [], [pid 5472] <... futex resumed>) = 0 [pid 5473] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5472] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5472] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5473] memfd_create("syzkaller", 0 [pid 5472] <... mmap resumed>) = 0x7f81bb17d000 [pid 5472] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5473] <... memfd_create resumed>) = 3 [pid 5472] <... mprotect resumed>) = 0 [pid 5473] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5472] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5472] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5474 attached [pid 5474] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5474] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5474] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5474] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5472] <... clone3 resumed> => {parent_tid=[5474]}, 88) = 5474 [pid 5472] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5472] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] <... futex resumed>) = 0 [pid 5473] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [ 63.604418][ T5470] loop0: detected capacity change from 0 to 512 [ 63.623326][ T5470] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5474] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5472] <... futex resumed>) = 1 [pid 5472] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5474] <... open resumed>) = 4 [pid 5474] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5472] <... futex resumed>) = 0 [pid 5472] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5472] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5474] <... futex resumed>) = 1 [pid 5474] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5474] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5472] <... futex resumed>) = 0 [pid 5472] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5473] <... write resumed>) = 262144 [pid 5472] <... futex resumed>) = 0 [pid 5474] <... futex resumed>) = 1 [pid 5474] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5472] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5474] <... open resumed>) = 5 [pid 5473] munmap(0x7f81b2d7d000, 262144 [pid 5474] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5472] <... futex resumed>) = 0 [pid 5472] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5474] <... futex resumed>) = 1 [pid 5472] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5474] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5474] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5473] <... munmap resumed>) = 0 [pid 5474] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5472] <... futex resumed>) = 0 [pid 5473] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5473] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5473] close(3) = 0 [pid 5473] mkdir("./file1", 0777) = 0 [pid 5473] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5473] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5473] chdir("./file1") = 0 [pid 5473] ioctl(6, LOOP_CLR_FD) = 0 [pid 5473] close(6) = 0 [pid 5473] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5473] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5472] exit_group(0 [pid 5473] <... futex resumed>) = ? [pid 5472] <... exit_group resumed>) = ? [pid 5473] +++ exited with 0 +++ [pid 5474] <... futex resumed>) = ? [pid 5474] +++ exited with 0 +++ [pid 5472] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5472, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./112", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./112/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./112/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./112/bus") = 0 umount2("./112/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./112/binderfs") = 0 umount2("./112/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./112/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./112/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./112/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./112") = 0 mkdir("./113", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5477 attached , child_tidptr=0x555556eda690) = 5477 [pid 5477] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5477] chdir("./113") = 0 [pid 5477] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5477] setpgid(0, 0) = 0 [pid 5477] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5477] write(3, "1000", 4) = 4 [pid 5477] close(3) = 0 [pid 5477] symlink("/dev/binderfs", "./binderfs") = 0 [ 63.690011][ T5473] loop0: detected capacity change from 0 to 512 [ 63.708335][ T5473] EXT4-fs (loop0): 1 orphan inode deleted [ 63.714193][ T5473] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/112/file1 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5477] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5477] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5477] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5477] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5477] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5477] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5477] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5478 attached [pid 5478] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5477] <... clone3 resumed> => {parent_tid=[5478]}, 88) = 5478 [pid 5477] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5478] <... rseq resumed>) = 0 [pid 5477] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5477] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5477] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5478] set_robust_list(0x7f81bb1be9a0, 24 [pid 5477] <... mmap resumed>) = 0x7f81bb17d000 [pid 5477] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5478] <... set_robust_list resumed>) = 0 [pid 5477] <... mprotect resumed>) = 0 [pid 5477] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5477] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5479 attached [pid 5478] rt_sigprocmask(SIG_SETMASK, [], [pid 5479] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5478] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5477] <... clone3 resumed> => {parent_tid=[5479]}, 88) = 5479 [pid 5479] <... rseq resumed>) = 0 [pid 5478] memfd_create("syzkaller", 0 [pid 5477] rt_sigprocmask(SIG_SETMASK, [], [pid 5479] set_robust_list(0x7f81bb19d9a0, 24 [pid 5477] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5479] <... set_robust_list resumed>) = 0 [pid 5479] rt_sigprocmask(SIG_SETMASK, [], [pid 5477] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5479] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5478] <... memfd_create resumed>) = 3 [pid 5477] <... futex resumed>) = 0 [pid 5479] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5477] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5478] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5479] <... open resumed>) = 4 [pid 5478] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5479] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5479] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5477] <... futex resumed>) = 0 [pid 5477] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5479] <... futex resumed>) = 0 [pid 5477] <... futex resumed>) = 1 [pid 5479] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5477] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5479] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5477] <... futex resumed>) = 0 [pid 5477] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5479] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5477] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5479] <... open resumed>) = 5 [pid 5478] <... write resumed>) = 262144 [pid 5479] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5477] <... futex resumed>) = 0 [pid 5477] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5479] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5477] <... futex resumed>) = 0 [pid 5477] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5479] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5479] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5477] <... futex resumed>) = 0 [pid 5479] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5478] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5478] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5478] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5478] close(3) = 0 [pid 5478] mkdir("./file1", 0777) = 0 [pid 5478] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5478] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5478] chdir("./file1") = 0 [pid 5478] ioctl(6, LOOP_CLR_FD) = 0 [pid 5478] close(6) = 0 [pid 5478] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5477] exit_group(0) = ? [pid 5479] <... futex resumed>) = ? [pid 5479] +++ exited with 0 +++ [pid 5478] <... futex resumed>) = ? [pid 5478] +++ exited with 0 +++ [pid 5477] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5477, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./113", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./113/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./113/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./113/bus") = 0 umount2("./113/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./113/binderfs") = 0 umount2("./113/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./113/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./113/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./113/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./113") = 0 mkdir("./114", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5482 attached , child_tidptr=0x555556eda690) = 5482 [pid 5482] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5482] chdir("./114") = 0 [pid 5482] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5482] setpgid(0, 0) = 0 [pid 5482] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5482] write(3, "1000", 4) = 4 [pid 5482] close(3) = 0 [pid 5482] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5482] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5482] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5482] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5482] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5482] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5482] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5482] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5483 attached => {parent_tid=[5483]}, 88) = 5483 [pid 5483] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5482] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5483] <... rseq resumed>) = 0 [pid 5483] set_robust_list(0x7f81bb1be9a0, 24 [pid 5482] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5483] <... set_robust_list resumed>) = 0 [pid 5482] <... futex resumed>) = 0 [pid 5483] rt_sigprocmask(SIG_SETMASK, [], [pid 5482] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5483] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5482] <... futex resumed>) = 0 [pid 5482] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5483] memfd_create("syzkaller", 0 [pid 5482] <... mmap resumed>) = 0x7f81bb17d000 [pid 5482] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5483] <... memfd_create resumed>) = 3 [pid 5483] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5482] <... mprotect resumed>) = 0 [pid 5483] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5482] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5482] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5484 attached [pid 5484] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5482] <... clone3 resumed> => {parent_tid=[5484]}, 88) = 5484 [pid 5484] <... rseq resumed>) = 0 [pid 5482] rt_sigprocmask(SIG_SETMASK, [], [pid 5484] set_robust_list(0x7f81bb19d9a0, 24 [pid 5482] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5484] <... set_robust_list resumed>) = 0 [pid 5482] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5484] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5482] <... futex resumed>) = 0 [pid 5484] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5482] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5484] <... open resumed>) = 4 [pid 5484] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5482] <... futex resumed>) = 0 [pid 5482] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5482] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5484] <... futex resumed>) = 1 [pid 5484] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5484] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5482] <... futex resumed>) = 0 [pid 5482] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5482] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5484] <... futex resumed>) = 1 [pid 5484] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5484] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5482] <... futex resumed>) = 0 [pid 5482] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5482] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5484] <... futex resumed>) = 1 [pid 5483] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5484] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5484] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5484] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5482] <... futex resumed>) = 0 [ 63.799113][ T5478] loop0: detected capacity change from 0 to 512 [ 63.818112][ T5478] EXT4-fs (loop0): 1 orphan inode deleted [ 63.824079][ T5478] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/113/file1 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5483] <... write resumed>) = 262144 [pid 5483] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5483] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5483] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5483] close(3) = 0 [pid 5483] mkdir("./file1", 0777) = 0 [pid 5483] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5483] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5483] chdir("./file1") = 0 [pid 5483] ioctl(6, LOOP_CLR_FD) = 0 [pid 5483] close(6) = 0 [pid 5483] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5482] exit_group(0) = ? [pid 5483] <... futex resumed>) = ? [pid 5484] <... futex resumed>) = ? [pid 5483] +++ exited with 0 +++ [pid 5484] +++ exited with 0 +++ [pid 5482] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5482, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./114", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./114/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./114/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./114/bus") = 0 umount2("./114/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./114/binderfs") = 0 umount2("./114/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./114/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./114/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 63.883457][ T5483] loop0: detected capacity change from 0 to 512 [ 63.908193][ T5483] EXT4-fs (loop0): 1 orphan inode deleted [ 63.914216][ T5483] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/114/file1 supports timestamps until 2038-01-19 (0x7fffffff) openat(AT_FDCWD, "./114/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./114/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./114") = 0 mkdir("./115", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5487 attached , child_tidptr=0x555556eda690) = 5487 [pid 5487] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5487] chdir("./115") = 0 [pid 5487] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5487] setpgid(0, 0) = 0 [pid 5487] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5487] write(3, "1000", 4) = 4 [pid 5487] close(3) = 0 [pid 5487] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5487] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5487] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5487] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5487] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5487] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5487] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5487] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5488 attached => {parent_tid=[5488]}, 88) = 5488 [pid 5488] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5487] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5487] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5487] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5487] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5488] <... rseq resumed>) = 0 [pid 5487] <... mmap resumed>) = 0x7f81bb17d000 [pid 5487] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5488] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5487] <... mprotect resumed>) = 0 [pid 5488] rt_sigprocmask(SIG_SETMASK, [], [pid 5487] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5488] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5487] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5487] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} [pid 5488] memfd_create("syzkaller", 0./strace-static-x86_64: Process 5489 attached [pid 5487] <... clone3 resumed> => {parent_tid=[5489]}, 88) = 5489 [pid 5487] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5487] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5487] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5489] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5488] <... memfd_create resumed>) = 3 [pid 5489] <... rseq resumed>) = 0 [pid 5488] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5489] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5488] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5489] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5489] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5489] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5489] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5487] <... futex resumed>) = 0 [pid 5487] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5489] <... futex resumed>) = 0 [pid 5487] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5489] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5488] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5489] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5487] <... futex resumed>) = 0 [pid 5489] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5487] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5489] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5489] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5487] <... futex resumed>) = 0 [pid 5489] <... open resumed>) = 5 [pid 5487] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5489] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5487] <... futex resumed>) = 0 [pid 5487] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5489] <... futex resumed>) = 1 [pid 5489] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5487] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5489] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5489] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5487] <... futex resumed>) = 0 [pid 5489] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5488] <... write resumed>) = 262144 [pid 5488] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5488] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5488] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5488] close(3) = 0 [pid 5488] mkdir("./file1", 0777) = 0 [pid 5488] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5488] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5488] chdir("./file1") = 0 [pid 5488] ioctl(6, LOOP_CLR_FD) = 0 [pid 5488] close(6) = 0 [pid 5488] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5488] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5487] exit_group(0) = ? [pid 5488] <... futex resumed>) = ? [pid 5489] <... futex resumed>) = ? [pid 5488] +++ exited with 0 +++ [pid 5489] +++ exited with 0 +++ [pid 5487] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5487, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./115", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./115/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./115/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./115/bus") = 0 umount2("./115/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./115/binderfs") = 0 umount2("./115/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./115/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./115/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 [ 63.998718][ T5488] loop0: detected capacity change from 0 to 512 [ 64.018180][ T5488] EXT4-fs (loop0): 1 orphan inode deleted [ 64.024206][ T5488] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/115/file1 supports timestamps until 2038-01-19 (0x7fffffff) close(4) = 0 rmdir("./115/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./115") = 0 mkdir("./116", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5492 attached , child_tidptr=0x555556eda690) = 5492 [pid 5492] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5492] chdir("./116") = 0 [pid 5492] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5492] setpgid(0, 0) = 0 [pid 5492] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5492] write(3, "1000", 4) = 4 [pid 5492] close(3) = 0 [pid 5492] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5492] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5492] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5492] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5492] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5492] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5492] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5492] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5493 attached => {parent_tid=[5493]}, 88) = 5493 [pid 5492] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5492] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5493] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5492] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5493] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5493] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5493] memfd_create("syzkaller", 0 [pid 5492] <... futex resumed>) = 0 [pid 5492] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5492] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5493] <... memfd_create resumed>) = 3 [pid 5493] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5492] <... mprotect resumed>) = 0 [pid 5493] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5492] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5492] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5494 attached => {parent_tid=[5494]}, 88) = 5494 [pid 5494] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5492] rt_sigprocmask(SIG_SETMASK, [], [pid 5494] set_robust_list(0x7f81bb19d9a0, 24 [pid 5492] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5494] <... set_robust_list resumed>) = 0 [pid 5492] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5494] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5492] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5494] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5494] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5492] <... futex resumed>) = 0 [pid 5494] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5492] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5494] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5492] <... futex resumed>) = 0 [pid 5494] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5492] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5494] <... mount resumed>) = 0 [pid 5494] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5494] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5492] <... futex resumed>) = 0 [pid 5492] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5494] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5492] <... futex resumed>) = 0 [pid 5494] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5493] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5494] <... open resumed>) = 5 [pid 5492] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5494] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5492] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5494] <... futex resumed>) = 0 [pid 5492] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5494] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5492] <... futex resumed>) = 0 [pid 5494] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5494] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5492] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5494] <... futex resumed>) = 0 [pid 5494] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5492] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5493] <... write resumed>) = 262144 [pid 5493] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5493] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5493] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5493] close(3) = 0 [pid 5493] mkdir("./file1", 0777) = 0 [pid 5493] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5493] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5493] chdir("./file1") = 0 [pid 5493] ioctl(6, LOOP_CLR_FD) = 0 [pid 5493] close(6) = 0 [pid 5493] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5493] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5492] exit_group(0 [pid 5494] <... futex resumed>) = ? [pid 5493] <... futex resumed>) = ? [pid 5494] +++ exited with 0 +++ [pid 5492] <... exit_group resumed>) = ? [pid 5493] +++ exited with 0 +++ [pid 5492] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5492, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./116", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./116/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./116/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./116/bus") = 0 umount2("./116/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./116/binderfs") = 0 umount2("./116/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./116/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./116/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./116/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./116") = 0 mkdir("./117", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5497 ./strace-static-x86_64: Process 5497 attached [pid 5497] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5497] chdir("./117") = 0 [pid 5497] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 64.114104][ T5493] loop0: detected capacity change from 0 to 512 [ 64.128424][ T5493] EXT4-fs (loop0): 1 orphan inode deleted [ 64.134200][ T5493] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/116/file1 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5497] setpgid(0, 0) = 0 [pid 5497] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5497] write(3, "1000", 4) = 4 [pid 5497] close(3) = 0 [pid 5497] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5497] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5497] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5497] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5497] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5497] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5497] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5497] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0} => {parent_tid=[5498]}, 88) = 5498 [pid 5497] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5497] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5497] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5497] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 5498 attached [pid 5498] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5497] <... mmap resumed>) = 0x7f81bb17d000 [pid 5497] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5498] set_robust_list(0x7f81bb1be9a0, 24 [pid 5497] <... mprotect resumed>) = 0 [pid 5498] <... set_robust_list resumed>) = 0 [pid 5497] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5498] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5497] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5497] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} [pid 5498] memfd_create("syzkaller", 0 [pid 5497] <... clone3 resumed> => {parent_tid=[5499]}, 88) = 5499 [pid 5498] <... memfd_create resumed>) = 3 [pid 5498] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5497] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5499 attached [pid 5498] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5499] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5498] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5499] <... rseq resumed>) = 0 [pid 5497] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5497] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5497] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5499] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5499] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5499] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5499] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5498] <... write resumed>) = 262144 [pid 5499] <... futex resumed>) = 1 [pid 5498] munmap(0x7f81b2d7d000, 262144 [pid 5497] <... futex resumed>) = 0 [pid 5499] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5497] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5499] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5498] <... munmap resumed>) = 0 [pid 5497] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5499] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5498] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5499] <... mount resumed>) = 0 [pid 5498] <... openat resumed>) = 5 [pid 5499] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5498] ioctl(5, LOOP_SET_FD, 3 [pid 5499] <... futex resumed>) = 1 [pid 5497] <... futex resumed>) = 0 [pid 5497] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5497] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5499] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5499] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5497] <... futex resumed>) = 0 [pid 5497] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5497] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5499] <... futex resumed>) = 1 [pid 5499] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5498] <... ioctl resumed>) = 0 [pid 5498] close(3) = 0 [pid 5498] mkdir("./file1", 0777) = 0 [pid 5498] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5499] <... write resumed>) = 262144 [pid 5499] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5497] <... futex resumed>) = 0 [pid 5499] <... futex resumed>) = 1 [pid 5499] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5498] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5498] ioctl(5, LOOP_CLR_FD) = 0 [pid 5498] close(5) = 0 [pid 5498] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5498] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5497] exit_group(0) = ? [pid 5498] <... futex resumed>) = ? [pid 5498] +++ exited with 0 +++ [pid 5499] <... futex resumed>) = ? [pid 5499] +++ exited with 0 +++ [pid 5497] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5497, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./117", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./117/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./117/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./117/bus") = 0 umount2("./117/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./117/binderfs") = 0 umount2("./117/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./117/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./117/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./117") = 0 mkdir("./118", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5500 attached , child_tidptr=0x555556eda690) = 5500 [pid 5500] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5500] chdir("./118") = 0 [pid 5500] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5500] setpgid(0, 0) = 0 [pid 5500] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5500] write(3, "1000", 4) = 4 [pid 5500] close(3) = 0 [pid 5500] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5500] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5500] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5500] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5500] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5500] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5500] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5500] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5501 attached => {parent_tid=[5501]}, 88) = 5501 [pid 5501] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5500] rt_sigprocmask(SIG_SETMASK, [], [pid 5501] set_robust_list(0x7f81bb1be9a0, 24 [pid 5500] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5501] <... set_robust_list resumed>) = 0 [pid 5500] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5501] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5500] <... futex resumed>) = 0 [pid 5501] memfd_create("syzkaller", 0 [pid 5500] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5500] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5501] <... memfd_create resumed>) = 3 [pid 5500] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5501] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5500] <... mprotect resumed>) = 0 [pid 5501] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5500] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5501] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5500] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5500] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5502]}, 88) = 5502 [pid 5500] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5500] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5500] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5502 attached [pid 5502] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5502] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5502] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5502] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5502] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5500] <... futex resumed>) = 0 [pid 5500] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5502] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5500] <... futex resumed>) = 0 [pid 5500] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5501] <... write resumed>) = 262144 [pid 5501] munmap(0x7f81b2d7d000, 262144 [pid 5502] <... mount resumed>) = 0 [pid 5502] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5500] <... futex resumed>) = 0 [pid 5502] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5500] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5502] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5500] <... futex resumed>) = 0 [ 64.210839][ T5498] loop0: detected capacity change from 0 to 512 [ 64.230019][ T5498] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5502] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5500] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5502] <... open resumed>) = 5 [pid 5501] <... munmap resumed>) = 0 [pid 5501] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5501] ioctl(6, LOOP_SET_FD, 3 [pid 5502] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5502] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5500] <... futex resumed>) = 0 [pid 5500] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5502] <... futex resumed>) = 0 [pid 5502] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5501] <... ioctl resumed>) = 0 [pid 5500] <... futex resumed>) = 1 [pid 5501] close(3) = 0 [pid 5501] mkdir("./file1", 0777 [pid 5500] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5501] <... mkdir resumed>) = 0 [pid 5501] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5502] <... write resumed>) = 262144 [pid 5502] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5502] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5500] <... futex resumed>) = 0 [pid 5501] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5501] ioctl(6, LOOP_CLR_FD) = 0 [pid 5501] close(6) = 0 [pid 5501] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5501] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5500] exit_group(0 [pid 5502] <... futex resumed>) = ? [pid 5502] +++ exited with 0 +++ [pid 5501] <... futex resumed>) = ? [pid 5500] <... exit_group resumed>) = ? [pid 5501] +++ exited with 0 +++ [pid 5500] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5500, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./118", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./118/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./118/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./118/bus") = 0 umount2("./118/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./118/binderfs") = 0 umount2("./118/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 64.274577][ T5501] loop0: detected capacity change from 0 to 512 [ 64.291681][ T5501] EXT4-fs (loop0): VFS: Can't find ext4 filesystem umount2("./118/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./118/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./118") = 0 mkdir("./119", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5503 ./strace-static-x86_64: Process 5503 attached [pid 5503] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5503] chdir("./119") = 0 [pid 5503] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5503] setpgid(0, 0) = 0 [pid 5503] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5503] write(3, "1000", 4) = 4 [pid 5503] close(3) = 0 [pid 5503] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5503] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5503] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5503] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5503] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5503] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5503] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5503] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5504 attached [pid 5504] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5504] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5504] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5504] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5503] <... clone3 resumed> => {parent_tid=[5504]}, 88) = 5504 [pid 5503] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5503] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5504] <... futex resumed>) = 0 [pid 5503] <... futex resumed>) = 1 [pid 5503] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5504] memfd_create("syzkaller", 0 [pid 5503] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5504] <... memfd_create resumed>) = 3 [pid 5503] <... mmap resumed>) = 0x7f81bb17d000 [pid 5504] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5503] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5504] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5503] <... mprotect resumed>) = 0 [pid 5503] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5503] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5505]}, 88) = 5505 [pid 5503] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5505 attached [pid 5504] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5505] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5505] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5505] rt_sigprocmask(SIG_SETMASK, [], [pid 5503] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5505] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5503] <... futex resumed>) = 0 [pid 5505] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5503] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5505] <... open resumed>) = 4 [pid 5505] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5504] <... write resumed>) = 262144 [pid 5505] <... futex resumed>) = 1 [pid 5505] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5503] <... futex resumed>) = 0 [pid 5503] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5505] <... futex resumed>) = 0 [pid 5503] <... futex resumed>) = 1 [pid 5505] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5504] munmap(0x7f81b2d7d000, 262144 [pid 5503] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5505] <... mount resumed>) = 0 [pid 5504] <... munmap resumed>) = 0 [pid 5505] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5505] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5503] <... futex resumed>) = 0 [pid 5503] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5505] <... futex resumed>) = 0 [pid 5503] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5505] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5504] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5505] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5504] <... openat resumed>) = 6 [pid 5504] ioctl(6, LOOP_SET_FD, 3 [pid 5505] <... futex resumed>) = 1 [pid 5503] <... futex resumed>) = 0 [pid 5505] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5503] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5505] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5503] <... futex resumed>) = 0 [pid 5505] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5503] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5504] <... ioctl resumed>) = 0 [pid 5504] close(3) = 0 [pid 5504] mkdir("./file1", 0777) = 0 [pid 5504] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5505] <... write resumed>) = 262144 [pid 5505] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5504] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5505] <... futex resumed>) = 1 [pid 5503] <... futex resumed>) = 0 [pid 5505] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5504] ioctl(6, LOOP_CLR_FD) = 0 [pid 5504] close(6) = 0 [pid 5504] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5503] exit_group(0 [pid 5504] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5505] <... futex resumed>) = ? [pid 5505] +++ exited with 0 +++ [pid 5504] <... futex resumed>) = ? [pid 5504] +++ exited with 0 +++ [pid 5503] <... exit_group resumed>) = ? [pid 5503] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5503, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./119", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./119/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./119/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./119/bus") = 0 umount2("./119/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./119/binderfs") = 0 umount2("./119/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./119/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./119/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./119") = 0 mkdir("./120", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 64.375966][ T5504] loop0: detected capacity change from 0 to 512 [ 64.389481][ T5504] EXT4-fs (loop0): VFS: Can't find ext4 filesystem ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5506 attached [pid 5506] set_robust_list(0x555556eda6a0, 24 [pid 5024] <... clone resumed>, child_tidptr=0x555556eda690) = 5506 [pid 5506] <... set_robust_list resumed>) = 0 [pid 5506] chdir("./120") = 0 [pid 5506] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5506] setpgid(0, 0) = 0 [pid 5506] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5506] write(3, "1000", 4) = 4 [pid 5506] close(3) = 0 [pid 5506] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5506] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5506] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5506] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5506] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5506] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5506] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5506] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0} => {parent_tid=[5507]}, 88) = 5507 [pid 5506] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5506] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5506] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5506] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5506] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5506] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 5507 attached [], 8) = 0 [pid 5506] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5508]}, 88) = 5508 [pid 5506] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5508 attached [pid 5508] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5506] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5508] <... rseq resumed>) = 0 [pid 5506] <... futex resumed>) = 0 [pid 5508] set_robust_list(0x7f81bb19d9a0, 24 [pid 5506] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5508] <... set_robust_list resumed>) = 0 [pid 5508] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5508] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5507] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5508] <... open resumed>) = 3 [pid 5507] <... rseq resumed>) = 0 [pid 5508] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5507] set_robust_list(0x7f81bb1be9a0, 24 [pid 5508] <... futex resumed>) = 1 [pid 5507] <... set_robust_list resumed>) = 0 [pid 5506] <... futex resumed>) = 0 [pid 5508] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5507] rt_sigprocmask(SIG_SETMASK, [], [pid 5506] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5507] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5508] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5506] <... futex resumed>) = 0 [pid 5508] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5506] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5508] <... mount resumed>) = 0 [pid 5507] memfd_create("syzkaller", 0) = 4 [pid 5508] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5507] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5508] <... futex resumed>) = 1 [pid 5506] <... futex resumed>) = 0 [pid 5508] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5506] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5507] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5506] <... futex resumed>) = 1 [pid 5506] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5507] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5508] <... futex resumed>) = 0 [pid 5508] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5508] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5506] <... futex resumed>) = 0 [pid 5508] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5506] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5508] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5506] <... futex resumed>) = 0 [pid 5508] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5506] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5508] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5508] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5506] <... futex resumed>) = 0 [pid 5508] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5507] <... write resumed>) = 262144 [pid 5507] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5507] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5507] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 5507] close(4) = 0 [pid 5507] mkdir("./file1", 0777) = 0 [pid 5507] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5507] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5507] chdir("./file1") = 0 [pid 5507] ioctl(6, LOOP_CLR_FD) = 0 [pid 5507] close(6) = 0 [pid 5507] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5507] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5506] exit_group(0 [pid 5508] <... futex resumed>) = ? [pid 5506] <... exit_group resumed>) = ? [pid 5508] +++ exited with 0 +++ [pid 5507] <... futex resumed>) = ? [pid 5507] +++ exited with 0 +++ [pid 5506] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5506, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./120", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./120/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./120/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./120/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./120/bus") = 0 umount2("./120/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./120/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./120/binderfs") = 0 umount2("./120/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./120/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./120/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./120/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./120/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./120") = 0 mkdir("./121", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5511 attached , child_tidptr=0x555556eda690) = 5511 [pid 5511] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5511] chdir("./121") = 0 [pid 5511] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5511] setpgid(0, 0) = 0 [pid 5511] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5511] write(3, "1000", 4) = 4 [pid 5511] close(3) = 0 [pid 5511] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5511] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5511] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [ 64.464380][ T5507] loop0: detected capacity change from 0 to 512 [ 64.486392][ T5507] EXT4-fs (loop0): 1 orphan inode deleted [ 64.492388][ T5507] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/120/file1 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5511] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5511] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5511] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5511] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5511] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5512 attached => {parent_tid=[5512]}, 88) = 5512 [pid 5512] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5512] set_robust_list(0x7f81bb1be9a0, 24 [pid 5511] rt_sigprocmask(SIG_SETMASK, [], [pid 5512] <... set_robust_list resumed>) = 0 [pid 5512] rt_sigprocmask(SIG_SETMASK, [], [pid 5511] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5512] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5511] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5512] memfd_create("syzkaller", 0 [pid 5511] <... futex resumed>) = 0 [pid 5511] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5512] <... memfd_create resumed>) = 3 [pid 5511] <... futex resumed>) = 0 [pid 5511] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5512] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5511] <... mmap resumed>) = 0x7f81bb17d000 [pid 5512] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5511] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5512] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5511] <... mprotect resumed>) = 0 [pid 5511] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5511] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5513 attached => {parent_tid=[5513]}, 88) = 5513 [pid 5511] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5511] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5513] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5511] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5513] <... rseq resumed>) = 0 [pid 5513] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5513] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5512] <... write resumed>) = 262144 [pid 5513] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5512] munmap(0x7f81b2d7d000, 262144 [pid 5513] <... open resumed>) = 4 [pid 5512] <... munmap resumed>) = 0 [pid 5513] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5513] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5512] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5511] <... futex resumed>) = 0 [pid 5512] ioctl(5, LOOP_SET_FD, 3 [pid 5511] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5511] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5513] <... futex resumed>) = 0 [pid 5513] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5513] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5511] <... futex resumed>) = 0 [pid 5513] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5511] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5513] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5511] <... futex resumed>) = 0 [pid 5511] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5513] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5513] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5511] <... futex resumed>) = 0 [pid 5513] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5511] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5511] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5512] <... ioctl resumed>) = 0 [pid 5512] close(3) = 0 [pid 5512] mkdir("./file1", 0777) = 0 [pid 5512] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5513] <... write resumed>) = 262144 [pid 5513] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5513] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5511] <... futex resumed>) = 0 [pid 5512] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5512] ioctl(5, LOOP_CLR_FD) = 0 [pid 5512] close(5) = 0 [pid 5512] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5511] exit_group(0 [pid 5513] <... futex resumed>) = ? [pid 5511] <... exit_group resumed>) = ? [pid 5512] <... futex resumed>) = ? [pid 5513] +++ exited with 0 +++ [pid 5512] +++ exited with 0 +++ [pid 5511] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5511, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./121", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./121/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./121/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./121/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./121/bus") = 0 umount2("./121/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./121/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./121/binderfs") = 0 umount2("./121/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./121/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./121/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./121/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./121") = 0 mkdir("./122", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5514 attached , child_tidptr=0x555556eda690) = 5514 [pid 5514] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5514] chdir("./122") = 0 [pid 5514] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5514] setpgid(0, 0) = 0 [pid 5514] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5514] write(3, "1000", 4) = 4 [pid 5514] close(3) = 0 [pid 5514] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5514] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5514] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5514] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5514] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5514] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5514] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5514] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5515 attached => {parent_tid=[5515]}, 88) = 5515 [pid 5514] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5514] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5514] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5514] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5514] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5514] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5514] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5516 attached [pid 5516] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5514] <... clone3 resumed> => {parent_tid=[5516]}, 88) = 5516 [pid 5516] <... rseq resumed>) = 0 [pid 5514] rt_sigprocmask(SIG_SETMASK, [], [pid 5516] set_robust_list(0x7f81bb19d9a0, 24 [pid 5514] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5516] <... set_robust_list resumed>) = 0 [pid 5514] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5516] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5514] <... futex resumed>) = 0 [pid 5516] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5514] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5515] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5516] <... open resumed>) = 3 [pid 5516] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5514] <... futex resumed>) = 0 [pid 5516] <... futex resumed>) = 1 [pid 5514] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5516] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5514] <... futex resumed>) = 0 [pid 5514] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5516] <... mount resumed>) = 0 [pid 5516] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5514] <... futex resumed>) = 0 [pid 5514] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5516] <... futex resumed>) = 1 [pid 5516] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5514] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5516] <... open resumed>) = 4 [pid 5516] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5514] <... futex resumed>) = 0 [pid 5516] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5514] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5516] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5514] <... futex resumed>) = 0 [pid 5516] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5514] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5516] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5514] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5516] <... futex resumed>) = 0 [pid 5516] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5515] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5515] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5515] memfd_create("syzkaller", 0) = 5 [pid 5515] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5515] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5515] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5515] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 64.563255][ T5512] loop0: detected capacity change from 0 to 512 [ 64.587037][ T5512] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5515] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 5515] close(5) = 0 [pid 5515] mkdir("./file1", 0777) = 0 [pid 5515] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5515] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 5 [pid 5515] chdir("./file1") = 0 [pid 5515] ioctl(6, LOOP_CLR_FD) = 0 [pid 5515] close(6) = 0 [pid 5515] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5515] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5514] exit_group(0) = ? [pid 5515] <... futex resumed>) = ? [pid 5515] +++ exited with 0 +++ [pid 5516] <... futex resumed>) = ? [pid 5516] +++ exited with 0 +++ [pid 5514] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5514, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./122", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./122/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./122/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./122/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./122/bus") = 0 umount2("./122/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./122/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./122/binderfs") = 0 umount2("./122/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./122/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./122/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./122/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./122/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./122") = 0 mkdir("./123", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5519 attached [pid 5519] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5519] chdir("./123" [pid 5024] <... clone resumed>, child_tidptr=0x555556eda690) = 5519 [pid 5519] <... chdir resumed>) = 0 [pid 5519] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5519] setpgid(0, 0) = 0 [pid 5519] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5519] write(3, "1000", 4) = 4 [pid 5519] close(3) = 0 [pid 5519] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5519] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5519] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [ 64.643095][ T5515] loop0: detected capacity change from 0 to 512 [ 64.658297][ T5515] EXT4-fs (loop0): 1 orphan inode deleted [ 64.664285][ T5515] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/122/file1 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5519] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5519] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5519] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5519] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5519] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5520 attached [pid 5520] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5519] <... clone3 resumed> => {parent_tid=[5520]}, 88) = 5520 [pid 5520] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5519] rt_sigprocmask(SIG_SETMASK, [], [pid 5520] rt_sigprocmask(SIG_SETMASK, [], [pid 5519] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5519] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5520] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5520] memfd_create("syzkaller", 0 [pid 5519] <... futex resumed>) = 0 [pid 5519] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5520] <... memfd_create resumed>) = 3 [pid 5520] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5519] <... futex resumed>) = 0 [pid 5519] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5520] <... mmap resumed>) = 0x7f81b2d9e000 [pid 5519] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5520] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5519] mprotect(0x7f81b2d7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5519] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5519] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81b2d9d990, parent_tid=0x7f81b2d9d990, exit_signal=0, stack=0x7f81b2d7d000, stack_size=0x20300, tls=0x7f81b2d9d6c0}./strace-static-x86_64: Process 5521 attached => {parent_tid=[5521]}, 88) = 5521 [pid 5519] rt_sigprocmask(SIG_SETMASK, [], [pid 5521] rseq(0x7f81b2d9dfe0, 0x20, 0, 0x53053053 [pid 5519] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5520] <... write resumed>) = 262144 [pid 5519] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5520] munmap(0x7f81b2d9e000, 262144 [pid 5521] <... rseq resumed>) = 0 [pid 5519] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5521] set_robust_list(0x7f81b2d9d9a0, 24) = 0 [pid 5521] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5521] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5520] <... munmap resumed>) = 0 [pid 5521] <... open resumed>) = 4 [pid 5520] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5521] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5521] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5519] <... futex resumed>) = 0 [pid 5521] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5520] <... openat resumed>) = 5 [pid 5519] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5521] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5519] <... futex resumed>) = 0 [pid 5521] <... mount resumed>) = 0 [pid 5520] ioctl(5, LOOP_SET_FD, 3 [pid 5519] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5521] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5519] <... futex resumed>) = 0 [pid 5519] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5521] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5519] <... futex resumed>) = 0 [pid 5521] <... open resumed>) = 6 [pid 5521] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5521] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5519] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5519] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5521] <... futex resumed>) = 0 [pid 5519] <... futex resumed>) = 1 [pid 5521] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5519] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5520] <... ioctl resumed>) = 0 [pid 5520] close(3) = 0 [pid 5520] mkdir("./file1", 0777) = 0 [pid 5520] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5521] <... write resumed>) = -1 EIO (Input/output error) [pid 5521] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5521] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5519] <... futex resumed>) = 0 [pid 5520] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5520] ioctl(5, LOOP_CLR_FD) = 0 [pid 5520] close(5) = 0 [pid 5520] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5520] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5519] exit_group(0 [pid 5521] <... futex resumed>) = ? [pid 5519] <... exit_group resumed>) = ? [pid 5521] +++ exited with 0 +++ [pid 5520] <... futex resumed>) = ? [pid 5520] +++ exited with 0 +++ [pid 5519] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5519, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./123", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./123/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./123/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./123/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./123/bus") = 0 umount2("./123/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./123/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./123/binderfs") = 0 umount2("./123/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./123/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./123/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./123/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./123") = 0 mkdir("./124", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5522 ./strace-static-x86_64: Process 5522 attached [pid 5522] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5522] chdir("./124") = 0 [pid 5522] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5522] setpgid(0, 0) = 0 [pid 5522] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5522] write(3, "1000", 4) = 4 [pid 5522] close(3) = 0 [pid 5522] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5522] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5522] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5522] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5522] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5522] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5522] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5522] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5523 attached => {parent_tid=[5523]}, 88) = 5523 [pid 5523] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5522] rt_sigprocmask(SIG_SETMASK, [], [pid 5523] set_robust_list(0x7f81bb1be9a0, 24 [pid 5522] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5523] <... set_robust_list resumed>) = 0 [pid 5522] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5523] rt_sigprocmask(SIG_SETMASK, [], [pid 5522] <... futex resumed>) = 0 [pid 5522] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5523] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5522] <... futex resumed>) = 0 [pid 5523] memfd_create("syzkaller", 0 [pid 5522] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5522] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5523] <... memfd_create resumed>) = 3 [pid 5522] <... mprotect resumed>) = 0 [pid 5523] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [ 64.750506][ T5520] loop0: detected capacity change from 0 to 512 [ 64.756022][ T5521] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 64.767876][ T5521] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 64.780082][ T5520] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5522] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5523] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5522] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5522] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5524 attached => {parent_tid=[5524]}, 88) = 5524 [pid 5522] rt_sigprocmask(SIG_SETMASK, [], [pid 5524] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5523] <... write resumed>) = 262144 [pid 5522] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5524] <... rseq resumed>) = 0 [pid 5522] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5522] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5524] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5524] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5524] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5523] munmap(0x7f81b2d7d000, 262144 [pid 5524] <... open resumed>) = 4 [pid 5524] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5522] <... futex resumed>) = 0 [pid 5522] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5522] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5524] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5523] <... munmap resumed>) = 0 [pid 5524] <... mount resumed>) = 0 [pid 5524] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5522] <... futex resumed>) = 0 [pid 5522] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5522] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5523] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5524] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5523] <... openat resumed>) = 5 [pid 5523] ioctl(5, LOOP_SET_FD, 3 [pid 5524] <... open resumed>) = 6 [pid 5524] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5524] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5523] <... ioctl resumed>) = 0 [pid 5522] <... futex resumed>) = 0 [pid 5523] close(3 [pid 5522] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5523] <... close resumed>) = 0 [pid 5522] <... futex resumed>) = 1 [pid 5523] mkdir("./file1", 0777 [pid 5522] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5524] <... futex resumed>) = 0 [pid 5523] <... mkdir resumed>) = 0 [pid 5524] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5523] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5524] <... write resumed>) = 262144 [pid 5524] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5523] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5524] <... futex resumed>) = 1 [pid 5523] ioctl(5, LOOP_CLR_FD [pid 5522] <... futex resumed>) = 0 [pid 5524] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5523] <... ioctl resumed>) = 0 [pid 5523] close(5) = 0 [pid 5523] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5523] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5522] exit_group(0) = ? [pid 5523] <... futex resumed>) = ? [pid 5523] +++ exited with 0 +++ [pid 5524] <... futex resumed>) = ? [pid 5524] +++ exited with 0 +++ [pid 5522] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5522, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./124", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./124/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./124/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./124/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./124/bus") = 0 umount2("./124/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./124/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./124/binderfs") = 0 umount2("./124/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./124/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./124/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./124/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./124") = 0 mkdir("./125", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5525 ./strace-static-x86_64: Process 5525 attached [pid 5525] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5525] chdir("./125") = 0 [pid 5525] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5525] setpgid(0, 0) = 0 [pid 5525] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5525] write(3, "1000", 4) = 4 [pid 5525] close(3) = 0 [pid 5525] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5525] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5525] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5525] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5525] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5525] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5525] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5525] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5526 attached => {parent_tid=[5526]}, 88) = 5526 [pid 5525] rt_sigprocmask(SIG_SETMASK, [], [pid 5526] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5525] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5526] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5525] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 64.843014][ T5523] loop0: detected capacity change from 0 to 512 [ 64.856572][ T5523] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5526] rt_sigprocmask(SIG_SETMASK, [], [pid 5525] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5526] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5525] <... futex resumed>) = 0 [pid 5525] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5526] memfd_create("syzkaller", 0 [pid 5525] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5526] <... memfd_create resumed>) = 3 [pid 5526] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5525] <... mprotect resumed>) = 0 [pid 5525] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5526] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5525] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5527]}, 88) = 5527 [pid 5525] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5525] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5525] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5527 attached [pid 5527] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5527] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5527] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5526] <... write resumed>) = 262144 [pid 5526] munmap(0x7f81b2d7d000, 262144 [pid 5527] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5526] <... munmap resumed>) = 0 [pid 5526] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5526] ioctl(5, LOOP_SET_FD, 3 [pid 5527] <... open resumed>) = 4 [pid 5527] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5526] <... ioctl resumed>) = 0 [pid 5526] close(3) = 0 [pid 5526] mkdir("./file1", 0777) = 0 [pid 5527] <... futex resumed>) = 1 [pid 5525] <... futex resumed>) = 0 [pid 5527] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5526] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5525] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5527] <... mount resumed>) = 0 [pid 5525] <... futex resumed>) = 0 [pid 5525] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5527] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5525] <... futex resumed>) = 0 [pid 5525] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5527] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5525] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5527] <... open resumed>) = 3 [pid 5527] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5525] <... futex resumed>) = 0 [pid 5525] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5527] <... futex resumed>) = 1 [pid 5525] <... futex resumed>) = 0 [pid 5527] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5525] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5527] <... write resumed>) = 262144 [pid 5527] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5525] <... futex resumed>) = 0 [pid 5527] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5526] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5526] ioctl(5, LOOP_CLR_FD) = 0 [pid 5526] close(5) = 0 [pid 5526] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5526] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5525] exit_group(0) = ? [pid 5526] <... futex resumed>) = ? [pid 5527] <... futex resumed>) = ? [pid 5527] +++ exited with 0 +++ [pid 5526] +++ exited with 0 +++ [pid 5525] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5525, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./125", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./125/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./125/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./125/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./125/bus") = 0 umount2("./125/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./125/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./125/binderfs") = 0 umount2("./125/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./125/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./125/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./125/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./125") = 0 mkdir("./126", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5528 attached , child_tidptr=0x555556eda690) = 5528 [pid 5528] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5528] chdir("./126") = 0 [pid 5528] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5528] setpgid(0, 0) = 0 [pid 5528] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5528] write(3, "1000", 4) = 4 [pid 5528] close(3) = 0 [pid 5528] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5528] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5528] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5528] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5528] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5528] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5528] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5528] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5529 attached => {parent_tid=[5529]}, 88) = 5529 [pid 5528] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5528] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5528] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5528] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5528] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5529] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5528] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5529] <... rseq resumed>) = 0 [pid 5529] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5529] rt_sigprocmask(SIG_SETMASK, [], [pid 5528] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5529] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5528] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5530 attached [pid 5529] memfd_create("syzkaller", 0 [pid 5530] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5528] <... clone3 resumed> => {parent_tid=[5530]}, 88) = 5530 [pid 5529] <... memfd_create resumed>) = 3 [pid 5529] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5530] <... rseq resumed>) = 0 [pid 5529] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5528] rt_sigprocmask(SIG_SETMASK, [], [pid 5530] set_robust_list(0x7f81bb19d9a0, 24 [pid 5528] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5530] <... set_robust_list resumed>) = 0 [pid 5528] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5530] rt_sigprocmask(SIG_SETMASK, [], [pid 5528] <... futex resumed>) = 0 [pid 5528] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5530] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5530] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5530] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5528] <... futex resumed>) = 0 [pid 5528] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5530] <... futex resumed>) = 1 [pid 5528] <... futex resumed>) = 0 [pid 5528] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5530] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5530] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5528] <... futex resumed>) = 0 [pid 5529] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5528] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5530] <... futex resumed>) = 1 [pid 5528] <... futex resumed>) = 0 [pid 5528] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5530] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5530] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5528] <... futex resumed>) = 0 [pid 5528] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5530] <... futex resumed>) = 1 [pid 5528] <... futex resumed>) = 0 [pid 5530] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 64.912228][ T5526] loop0: detected capacity change from 0 to 512 [ 64.935143][ T5526] EXT4-fs warning (device loop0): read_mmp_block:115: Error -117 while reading MMP block 8 [pid 5528] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5530] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5530] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5530] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5528] <... futex resumed>) = 0 [pid 5529] <... write resumed>) = 262144 [pid 5529] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5529] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5529] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5529] close(3) = 0 [pid 5529] mkdir("./file1", 0777) = 0 [pid 5529] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5529] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5529] chdir("./file1") = 0 [pid 5529] ioctl(6, LOOP_CLR_FD) = 0 [pid 5529] close(6) = 0 [pid 5529] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5529] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5528] exit_group(0 [pid 5529] <... futex resumed>) = ? [pid 5528] <... exit_group resumed>) = ? [pid 5529] +++ exited with 0 +++ [pid 5530] <... futex resumed>) = ? [pid 5530] +++ exited with 0 +++ [pid 5528] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5528, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./126", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./126/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./126/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./126/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./126/bus") = 0 umount2("./126/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./126/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./126/binderfs") = 0 umount2("./126/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./126/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./126/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./126/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./126/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./126") = 0 [ 64.998057][ T5529] loop0: detected capacity change from 0 to 512 [ 65.018109][ T5529] EXT4-fs (loop0): 1 orphan inode deleted [ 65.024229][ T5529] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/126/file1 supports timestamps until 2038-01-19 (0x7fffffff) mkdir("./127", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5533 ./strace-static-x86_64: Process 5533 attached [pid 5533] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5533] chdir("./127") = 0 [pid 5533] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5533] setpgid(0, 0) = 0 [pid 5533] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5533] write(3, "1000", 4) = 4 [pid 5533] close(3) = 0 [pid 5533] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5533] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5533] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5533] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5533] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5533] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5533] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5533] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5534 attached [pid 5534] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5534] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5534] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5534] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5533] <... clone3 resumed> => {parent_tid=[5534]}, 88) = 5534 [pid 5533] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5533] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5534] <... futex resumed>) = 0 [pid 5533] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5534] memfd_create("syzkaller", 0) = 3 [pid 5534] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d9e000 [pid 5533] <... futex resumed>) = 0 [pid 5533] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5534] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5533] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5533] mprotect(0x7f81b2d7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5533] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5533] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81b2d9d990, parent_tid=0x7f81b2d9d990, exit_signal=0, stack=0x7f81b2d7d000, stack_size=0x20300, tls=0x7f81b2d9d6c0} [pid 5534] <... write resumed>) = 262144 [pid 5534] munmap(0x7f81b2d9e000, 262144) = 0 [pid 5534] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 5535 attached [pid 5533] <... clone3 resumed> => {parent_tid=[5535]}, 88) = 5535 [pid 5534] <... openat resumed>) = 4 [pid 5535] rseq(0x7f81b2d9dfe0, 0x20, 0, 0x53053053) = 0 [pid 5533] rt_sigprocmask(SIG_SETMASK, [], [pid 5535] set_robust_list(0x7f81b2d9d9a0, 24 [pid 5533] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5535] <... set_robust_list resumed>) = 0 [pid 5533] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5535] rt_sigprocmask(SIG_SETMASK, [], [pid 5533] <... futex resumed>) = 0 [pid 5535] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5533] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5535] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5534] ioctl(4, LOOP_SET_FD, 3 [pid 5535] <... open resumed>) = 5 [pid 5535] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5533] <... futex resumed>) = 0 [pid 5533] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5533] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5535] <... futex resumed>) = 1 [pid 5535] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5535] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5533] <... futex resumed>) = 0 [pid 5535] <... futex resumed>) = 1 [pid 5533] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5535] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5533] <... futex resumed>) = 0 [pid 5535] <... open resumed>) = 6 [pid 5533] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5535] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5533] <... futex resumed>) = 0 [pid 5533] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5533] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5535] <... futex resumed>) = 1 [pid 5535] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5534] <... ioctl resumed>) = 0 [pid 5534] close(3) = 0 [pid 5534] mkdir("./file1", 0777) = 0 [pid 5534] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5535] <... write resumed>) = -1 EIO (Input/output error) [pid 5535] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5533] <... futex resumed>) = 0 [pid 5535] <... futex resumed>) = 1 [pid 5535] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5534] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5534] ioctl(4, LOOP_CLR_FD) = 0 [pid 5534] close(4) = 0 [pid 5534] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5534] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5533] exit_group(0 [pid 5534] <... futex resumed>) = ? [pid 5533] <... exit_group resumed>) = ? [pid 5534] +++ exited with 0 +++ [pid 5535] <... futex resumed>) = ? [pid 5535] +++ exited with 0 +++ [pid 5533] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5533, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./127", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./127/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./127/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./127/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./127/bus") = 0 umount2("./127/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./127/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./127/binderfs") = 0 umount2("./127/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./127/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./127/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./127/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./127") = 0 mkdir("./128", 0777) = 0 [ 65.098340][ T5534] loop0: detected capacity change from 0 to 512 [ 65.104030][ T5535] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 65.114878][ T5535] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 65.131170][ T5534] EXT4-fs (loop0): VFS: Can't find ext4 filesystem openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5536 attached , child_tidptr=0x555556eda690) = 5536 [pid 5536] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5536] chdir("./128") = 0 [pid 5536] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5536] setpgid(0, 0) = 0 [pid 5536] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5536] write(3, "1000", 4) = 4 [pid 5536] close(3) = 0 [pid 5536] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5536] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5536] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5536] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5536] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5536] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5536] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5536] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5537 attached [pid 5537] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5536] <... clone3 resumed> => {parent_tid=[5537]}, 88) = 5537 [pid 5537] set_robust_list(0x7f81bb1be9a0, 24 [pid 5536] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5536] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5536] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5536] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5537] <... set_robust_list resumed>) = 0 [pid 5537] rt_sigprocmask(SIG_SETMASK, [], [pid 5536] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5537] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5537] memfd_create("syzkaller", 0 [pid 5536] <... mprotect resumed>) = 0 [pid 5537] <... memfd_create resumed>) = 3 [pid 5537] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5536] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5537] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5536] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5536] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5538 attached => {parent_tid=[5538]}, 88) = 5538 [pid 5538] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5536] rt_sigprocmask(SIG_SETMASK, [], [pid 5538] <... rseq resumed>) = 0 [pid 5536] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5538] set_robust_list(0x7f81bb19d9a0, 24 [pid 5536] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5538] <... set_robust_list resumed>) = 0 [pid 5537] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5536] <... futex resumed>) = 0 [pid 5538] rt_sigprocmask(SIG_SETMASK, [], [pid 5536] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5538] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5538] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5537] <... write resumed>) = 262144 [pid 5538] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5537] munmap(0x7f81b2d7d000, 262144 [pid 5538] <... futex resumed>) = 1 [pid 5536] <... futex resumed>) = 0 [pid 5538] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5536] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5538] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5538] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5536] <... futex resumed>) = 0 [pid 5536] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5538] <... mount resumed>) = 0 [pid 5537] <... munmap resumed>) = 0 [pid 5538] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5537] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5538] <... futex resumed>) = 1 [pid 5536] <... futex resumed>) = 0 [pid 5538] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5537] <... openat resumed>) = 5 [pid 5536] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5538] <... open resumed>) = 6 [pid 5537] ioctl(5, LOOP_SET_FD, 3 [pid 5538] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5536] <... futex resumed>) = 0 [pid 5536] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5536] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5536] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = 0 [pid 5538] <... futex resumed>) = 1 [pid 5536] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5538] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5537] <... ioctl resumed>) = 0 [pid 5537] close(3) = 0 [pid 5537] mkdir("./file1", 0777) = 0 [pid 5537] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5538] <... write resumed>) = -1 EIO (Input/output error) [pid 5538] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5536] <... futex resumed>) = 0 [pid 5538] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5537] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5537] ioctl(5, LOOP_CLR_FD) = 0 [pid 5537] close(5) = 0 [pid 5537] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5537] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5536] exit_group(0 [pid 5538] <... futex resumed>) = ? [pid 5538] +++ exited with 0 +++ [pid 5536] <... exit_group resumed>) = ? [pid 5537] <... futex resumed>) = ? [pid 5537] +++ exited with 0 +++ [pid 5536] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5536, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./128", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./128/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./128/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./128/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./128/bus") = 0 umount2("./128/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./128/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./128/binderfs") = 0 umount2("./128/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./128/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./128/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./128/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./128") = 0 mkdir("./129", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5539 ./strace-static-x86_64: Process 5539 attached [pid 5539] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5539] chdir("./129") = 0 [pid 5539] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5539] setpgid(0, 0) = 0 [pid 5539] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5539] write(3, "1000", 4) = 4 [pid 5539] close(3) = 0 [pid 5539] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5539] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5539] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5539] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [ 65.201848][ T5537] loop0: detected capacity change from 0 to 512 [ 65.208029][ T5538] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 65.219130][ T5538] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 65.232057][ T5537] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5539] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5539] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5539] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5539] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0} => {parent_tid=[5540]}, 88) = 5540 [pid 5539] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5539] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5539] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5540 attached ) = 0 [pid 5540] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5539] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5540] <... rseq resumed>) = 0 [pid 5539] <... mmap resumed>) = 0x7f81bb17d000 [pid 5539] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5539] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5539] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5541]}, 88) = 5541 [pid 5539] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5539] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5539] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5541 attached [pid 5540] set_robust_list(0x7f81bb1be9a0, 24 [pid 5541] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5540] <... set_robust_list resumed>) = 0 [pid 5541] <... rseq resumed>) = 0 [pid 5540] rt_sigprocmask(SIG_SETMASK, [], [pid 5541] set_robust_list(0x7f81bb19d9a0, 24 [pid 5540] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5541] <... set_robust_list resumed>) = 0 [pid 5540] memfd_create("syzkaller", 0 [pid 5541] rt_sigprocmask(SIG_SETMASK, [], [pid 5540] <... memfd_create resumed>) = 3 [pid 5541] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5540] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5541] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5540] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5540] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5541] <... open resumed>) = 4 [pid 5540] <... write resumed>) = 262144 [pid 5541] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5540] munmap(0x7f81b2d7d000, 262144 [pid 5541] <... futex resumed>) = 1 [pid 5539] <... futex resumed>) = 0 [pid 5539] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5539] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5541] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5540] <... munmap resumed>) = 0 [pid 5541] <... mount resumed>) = 0 [pid 5540] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5541] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5539] <... futex resumed>) = 0 [pid 5539] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5540] <... openat resumed>) = 5 [pid 5541] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5539] <... futex resumed>) = 0 [pid 5539] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5541] <... open resumed>) = 6 [pid 5541] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5539] <... futex resumed>) = 0 [pid 5539] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5539] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5541] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5540] ioctl(5, LOOP_SET_FD, 3 [pid 5541] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5541] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5539] <... futex resumed>) = 0 [pid 5541] <... futex resumed>) = 1 [pid 5541] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5540] <... ioctl resumed>) = 0 [pid 5540] close(3) = 0 [pid 5540] mkdir("./file1", 0777) = 0 [pid 5540] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5540] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5540] chdir("./file1") = 0 [pid 5540] ioctl(5, LOOP_CLR_FD) = 0 [pid 5540] close(5) = 0 [pid 5540] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5540] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5539] exit_group(0 [pid 5541] <... futex resumed>) = ? [pid 5541] +++ exited with 0 +++ [pid 5540] <... futex resumed>) = ? [pid 5539] <... exit_group resumed>) = ? [pid 5540] +++ exited with 0 +++ [pid 5539] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5539, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./129", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./129/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./129/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./129/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./129/bus") = 0 umount2("./129/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./129/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./129/binderfs") = 0 umount2("./129/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./129/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./129/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./129/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./129/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./129") = 0 mkdir("./130", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5544 attached , child_tidptr=0x555556eda690) = 5544 [pid 5544] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5544] chdir("./130") = 0 [pid 5544] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5544] setpgid(0, 0) = 0 [pid 5544] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5544] write(3, "1000", 4) = 4 [pid 5544] close(3) = 0 [pid 5544] symlink("/dev/binderfs", "./binderfs") = 0 [ 65.301393][ T5540] loop0: detected capacity change from 0 to 512 [ 65.326563][ T5540] EXT4-fs (loop0): 1 orphan inode deleted [ 65.332587][ T5540] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/129/file1 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5544] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5544] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5544] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5544] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5544] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5544] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5544] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5545 attached => {parent_tid=[5545]}, 88) = 5545 [pid 5545] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5545] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5545] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5545] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5544] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5544] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5545] <... futex resumed>) = 0 [pid 5544] <... futex resumed>) = 1 [pid 5544] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5544] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5545] memfd_create("syzkaller", 0 [pid 5544] <... mmap resumed>) = 0x7f81bb17d000 [pid 5545] <... memfd_create resumed>) = 3 [pid 5544] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5545] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5544] <... mprotect resumed>) = 0 [pid 5545] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5544] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5545] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5544] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5544] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5546 attached => {parent_tid=[5546]}, 88) = 5546 [pid 5546] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5544] rt_sigprocmask(SIG_SETMASK, [], [pid 5546] <... rseq resumed>) = 0 [pid 5544] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5544] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5546] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5544] <... futex resumed>) = 0 [pid 5546] rt_sigprocmask(SIG_SETMASK, [], [pid 5544] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5546] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5546] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5546] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5545] <... write resumed>) = 262144 [pid 5545] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5545] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5545] ioctl(5, LOOP_SET_FD, 3 [pid 5546] <... futex resumed>) = 1 [pid 5544] <... futex resumed>) = 0 [pid 5545] <... ioctl resumed>) = 0 [pid 5545] close(3) = 0 [pid 5545] mkdir("./file1", 0777 [pid 5544] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5546] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5544] <... futex resumed>) = 0 [pid 5544] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5545] <... mkdir resumed>) = 0 [pid 5545] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5546] <... mount resumed>) = 0 [pid 5546] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5544] <... futex resumed>) = 0 [pid 5546] <... futex resumed>) = 1 [pid 5544] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5546] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5544] <... futex resumed>) = 0 [pid 5546] <... open resumed>) = 3 [pid 5544] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5546] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5544] <... futex resumed>) = 0 [pid 5544] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5546] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5544] <... futex resumed>) = 0 [pid 5544] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5546] <... write resumed>) = 262144 [pid 5546] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5546] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5544] <... futex resumed>) = 0 [pid 5545] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5545] ioctl(5, LOOP_CLR_FD) = 0 [pid 5545] close(5) = 0 [pid 5545] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5545] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5544] exit_group(0) = ? [pid 5545] <... futex resumed>) = ? [pid 5546] <... futex resumed>) = ? [pid 5546] +++ exited with 0 +++ [pid 5545] +++ exited with 0 +++ [pid 5544] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5544, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./130", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./130/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./130/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./130/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./130/bus") = 0 umount2("./130/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./130/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./130/binderfs") = 0 umount2("./130/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./130/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./130/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./130/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./130") = 0 mkdir("./131", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5547 attached , child_tidptr=0x555556eda690) = 5547 [pid 5547] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5547] chdir("./131") = 0 [pid 5547] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5547] setpgid(0, 0) = 0 [pid 5547] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5547] write(3, "1000", 4) = 4 [pid 5547] close(3) = 0 [pid 5547] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5547] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5547] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5547] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5547] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5547] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5547] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5547] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5548 attached => {parent_tid=[5548]}, 88) = 5548 [pid 5547] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5547] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5547] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5547] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5547] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5548] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5547] <... mprotect resumed>) = 0 [pid 5548] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5548] rt_sigprocmask(SIG_SETMASK, [], [pid 5547] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5548] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5548] memfd_create("syzkaller", 0 [pid 5547] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5547] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} [pid 5548] <... memfd_create resumed>) = 3 ./strace-static-x86_64: Process 5549 attached [pid 5548] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5549] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5548] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5549] <... rseq resumed>) = 0 [pid 5547] <... clone3 resumed> => {parent_tid=[5549]}, 88) = 5549 [pid 5549] set_robust_list(0x7f81bb19d9a0, 24 [pid 5547] rt_sigprocmask(SIG_SETMASK, [], [pid 5549] <... set_robust_list resumed>) = 0 [pid 5549] rt_sigprocmask(SIG_SETMASK, [], [pid 5547] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5549] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5547] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5548] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5547] <... futex resumed>) = 0 [pid 5549] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [ 65.398006][ T5545] loop0: detected capacity change from 0 to 512 [ 65.414697][ T5545] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 65.425940][ T5545] EXT4-fs (loop0): group descriptors corrupted! [pid 5547] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5549] <... open resumed>) = 4 [pid 5549] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5547] <... futex resumed>) = 0 [pid 5547] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5547] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5549] <... futex resumed>) = 1 [pid 5549] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5549] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5547] <... futex resumed>) = 0 [pid 5547] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5547] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5549] <... futex resumed>) = 1 [pid 5549] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5549] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5547] <... futex resumed>) = 0 [pid 5547] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5547] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5549] <... futex resumed>) = 1 [pid 5549] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5549] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5547] <... futex resumed>) = 0 [pid 5548] <... write resumed>) = 262144 [pid 5549] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5548] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5548] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5548] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5548] close(3) = 0 [pid 5548] mkdir("./file1", 0777) = 0 [pid 5548] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5548] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5548] chdir("./file1") = 0 [pid 5548] ioctl(6, LOOP_CLR_FD) = 0 [pid 5548] close(6) = 0 [pid 5548] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5547] exit_group(0 [pid 5549] <... futex resumed>) = ? [pid 5548] <... futex resumed>) = ? [pid 5547] <... exit_group resumed>) = ? [pid 5549] +++ exited with 0 +++ [pid 5548] +++ exited with 0 +++ [pid 5547] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5547, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./131", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./131/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./131/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./131/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./131/bus") = 0 umount2("./131/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./131/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./131/binderfs") = 0 umount2("./131/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./131/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./131/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./131/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./131/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./131") = 0 mkdir("./132", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5552 ./strace-static-x86_64: Process 5552 attached [pid 5552] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5552] chdir("./132") = 0 [pid 5552] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5552] setpgid(0, 0) = 0 [pid 5552] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5552] write(3, "1000", 4) = 4 [pid 5552] close(3) = 0 [pid 5552] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5552] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5552] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5552] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5552] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5552] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5552] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5552] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5553 attached => {parent_tid=[5553]}, 88) = 5553 [pid 5552] rt_sigprocmask(SIG_SETMASK, [], [pid 5553] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5553] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5553] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5553] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5552] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5552] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5553] <... futex resumed>) = 0 [pid 5552] <... futex resumed>) = 1 [pid 5553] memfd_create("syzkaller", 0) = 3 [pid 5553] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d9e000 [pid 5552] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 65.487258][ T5548] loop0: detected capacity change from 0 to 512 [ 65.507989][ T5548] EXT4-fs (loop0): 1 orphan inode deleted [ 65.514002][ T5548] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/131/file1 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5553] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5552] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81b2d7d000 [pid 5552] mprotect(0x7f81b2d7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5552] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5552] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81b2d9d990, parent_tid=0x7f81b2d9d990, exit_signal=0, stack=0x7f81b2d7d000, stack_size=0x20300, tls=0x7f81b2d9d6c0}./strace-static-x86_64: Process 5554 attached => {parent_tid=[5554]}, 88) = 5554 [pid 5554] rseq(0x7f81b2d9dfe0, 0x20, 0, 0x53053053) = 0 [pid 5552] rt_sigprocmask(SIG_SETMASK, [], [pid 5554] set_robust_list(0x7f81b2d9d9a0, 24 [pid 5552] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5554] <... set_robust_list resumed>) = 0 [pid 5554] rt_sigprocmask(SIG_SETMASK, [], [pid 5552] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5554] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5553] <... write resumed>) = 262144 [pid 5552] <... futex resumed>) = 0 [pid 5553] munmap(0x7f81b2d9e000, 262144 [pid 5552] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5554] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5553] <... munmap resumed>) = 0 [pid 5553] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5554] <... open resumed>) = 4 [pid 5553] <... openat resumed>) = 5 [pid 5553] ioctl(5, LOOP_SET_FD, 3 [pid 5554] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5552] <... futex resumed>) = 0 [pid 5554] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5552] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5554] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5552] <... futex resumed>) = 0 [pid 5554] <... mount resumed>) = 0 [pid 5552] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5554] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5553] <... ioctl resumed>) = 0 [pid 5554] <... futex resumed>) = 1 [pid 5552] <... futex resumed>) = 0 [pid 5554] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5552] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5554] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5553] close(3 [pid 5552] <... futex resumed>) = 0 [pid 5554] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5552] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5553] <... close resumed>) = 0 [pid 5553] mkdir("./file1", 0777 [pid 5554] <... open resumed>) = 6 [pid 5554] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5552] <... futex resumed>) = 0 [pid 5554] <... futex resumed>) = 1 [pid 5554] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5552] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5552] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5553] <... mkdir resumed>) = 0 [pid 5553] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5554] <... write resumed>) = 262144 [pid 5554] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5554] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5552] <... futex resumed>) = 0 [pid 5553] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5553] ioctl(5, LOOP_CLR_FD) = 0 [pid 5553] close(5) = 0 [pid 5553] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5553] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5552] exit_group(0 [pid 5554] <... futex resumed>) = ? [pid 5553] <... futex resumed>) = ? [pid 5554] +++ exited with 0 +++ [pid 5552] <... exit_group resumed>) = ? [pid 5553] +++ exited with 0 +++ [pid 5552] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5552, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./132", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./132/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./132/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./132/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./132/bus") = 0 umount2("./132/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./132/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./132/binderfs") = 0 umount2("./132/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./132/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./132/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./132/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./132") = 0 mkdir("./133", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5555 attached [pid 5555] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5555] chdir("./133") = 0 [pid 5555] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5555] setpgid(0, 0) = 0 [pid 5555] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5024] <... clone resumed>, child_tidptr=0x555556eda690) = 5555 [pid 5555] write(3, "1000", 4) = 4 [pid 5555] close(3) = 0 [pid 5555] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5555] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5555] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5555] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5555] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [ 65.579321][ T5553] loop0: detected capacity change from 0 to 512 [ 65.607032][ T5553] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5555] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5555] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5555] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5556 attached => {parent_tid=[5556]}, 88) = 5556 [pid 5556] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5555] rt_sigprocmask(SIG_SETMASK, [], [pid 5556] set_robust_list(0x7f81bb1be9a0, 24 [pid 5555] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5556] <... set_robust_list resumed>) = 0 [pid 5555] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5556] rt_sigprocmask(SIG_SETMASK, [], [pid 5555] <... futex resumed>) = 0 [pid 5556] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5555] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5556] memfd_create("syzkaller", 0 [pid 5555] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5556] <... memfd_create resumed>) = 3 [pid 5555] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5556] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5555] <... mprotect resumed>) = 0 [pid 5556] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5555] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5555] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} [pid 5556] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 5557 attached [pid 5557] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5557] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5555] <... clone3 resumed> => {parent_tid=[5557]}, 88) = 5557 [pid 5557] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5555] rt_sigprocmask(SIG_SETMASK, [], [pid 5557] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5555] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5555] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5557] <... futex resumed>) = 0 [pid 5555] <... futex resumed>) = 1 [pid 5557] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5555] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5557] <... open resumed>) = 4 [pid 5557] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5555] <... futex resumed>) = 0 [pid 5557] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5555] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5555] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5557] <... futex resumed>) = 0 [pid 5556] <... write resumed>) = 262144 [pid 5557] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5556] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5556] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5557] <... mount resumed>) = 0 [pid 5556] ioctl(5, LOOP_SET_FD, 3 [pid 5557] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5555] <... futex resumed>) = 0 [pid 5557] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5555] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5557] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5557] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5555] <... futex resumed>) = 0 [pid 5555] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5557] <... open resumed>) = 6 [pid 5557] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5557] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5555] <... futex resumed>) = 0 [pid 5555] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5555] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5557] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5557] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5556] <... ioctl resumed>) = 0 [pid 5556] close(3) = 0 [pid 5556] mkdir("./file1", 0777) = 0 [pid 5556] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5557] <... write resumed>) = -1 EIO (Input/output error) [pid 5557] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5557] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5555] <... futex resumed>) = 0 [pid 5556] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5556] ioctl(5, LOOP_CLR_FD) = 0 [pid 5556] close(5) = 0 [pid 5556] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5556] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5555] exit_group(0) = ? [pid 5557] <... futex resumed>) = ? [pid 5556] <... futex resumed>) = ? [pid 5557] +++ exited with 0 +++ [pid 5556] +++ exited with 0 +++ [pid 5555] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5555, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./133", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./133/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./133/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./133/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./133/bus") = 0 umount2("./133/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./133/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./133/binderfs") = 0 umount2("./133/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./133/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./133/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./133/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./133") = 0 mkdir("./134", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5558 ./strace-static-x86_64: Process 5558 attached [pid 5558] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5558] chdir("./134") = 0 [pid 5558] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5558] setpgid(0, 0) = 0 [pid 5558] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5558] write(3, "1000", 4) = 4 [pid 5558] close(3) = 0 [pid 5558] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5558] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 65.674984][ T5556] loop0: detected capacity change from 0 to 512 [ 65.680368][ T5557] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 65.692069][ T5557] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 65.705745][ T5556] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5558] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5558] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5558] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5558] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5558] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5558] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5559 attached [pid 5559] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5559] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5559] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5559] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5558] <... clone3 resumed> => {parent_tid=[5559]}, 88) = 5559 [pid 5558] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5558] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5559] <... futex resumed>) = 0 [pid 5558] <... futex resumed>) = 1 [pid 5558] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5559] memfd_create("syzkaller", 0 [pid 5558] <... futex resumed>) = 0 [pid 5558] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5559] <... memfd_create resumed>) = 3 [pid 5559] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5558] <... mmap resumed>) = 0x7f81bb17d000 [pid 5558] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5559] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5558] <... mprotect resumed>) = 0 [pid 5558] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5558] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5560 attached [pid 5559] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5558] <... clone3 resumed> => {parent_tid=[5560]}, 88) = 5560 [pid 5558] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5558] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5560] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5558] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5560] <... rseq resumed>) = 0 [pid 5560] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5560] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5560] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5559] <... write resumed>) = 262144 [pid 5559] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5560] <... open resumed>) = 4 [pid 5559] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5560] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5558] <... futex resumed>) = 0 [pid 5560] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5558] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5560] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5558] <... futex resumed>) = 0 [pid 5560] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5558] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5560] <... mount resumed>) = 0 [pid 5559] <... openat resumed>) = 5 [pid 5559] ioctl(5, LOOP_SET_FD, 3 [pid 5560] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5558] <... futex resumed>) = 0 [pid 5558] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5558] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5560] <... futex resumed>) = 1 [pid 5560] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5560] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5558] <... futex resumed>) = 0 [pid 5560] <... futex resumed>) = 1 [pid 5558] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5560] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5558] <... futex resumed>) = 0 [pid 5559] <... ioctl resumed>) = 0 [pid 5558] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5559] close(3) = 0 [pid 5559] mkdir("./file1", 0777) = 0 [pid 5560] <... write resumed>) = -1 EIO (Input/output error) [pid 5560] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5560] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5558] <... futex resumed>) = 0 [pid 5559] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = -1 EINVAL (Invalid argument) [pid 5559] ioctl(5, LOOP_CLR_FD) = 0 [pid 5559] close(5) = 0 [pid 5559] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5559] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5558] exit_group(0) = ? [pid 5560] <... futex resumed>) = ? [pid 5560] +++ exited with 0 +++ [pid 5559] <... futex resumed>) = ? [pid 5559] +++ exited with 0 +++ [pid 5558] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5558, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./134", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./134/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./134/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./134/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./134/bus") = 0 umount2("./134/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./134/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./134/binderfs") = 0 umount2("./134/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./134/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./134/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./134/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./134") = 0 mkdir("./135", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5561 attached , child_tidptr=0x555556eda690) = 5561 [pid 5561] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5561] chdir("./135") = 0 [pid 5561] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5561] setpgid(0, 0) = 0 [pid 5561] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5561] write(3, "1000", 4) = 4 [pid 5561] close(3) = 0 [pid 5561] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5561] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5561] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5561] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5561] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5561] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5561] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5561] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5562 attached => {parent_tid=[5562]}, 88) = 5562 [pid 5562] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5561] rt_sigprocmask(SIG_SETMASK, [], [pid 5562] <... rseq resumed>) = 0 [pid 5561] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5562] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5562] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5562] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5561] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 65.788771][ T5559] loop0: detected capacity change from 0 to 512 [ 65.792478][ T5560] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 65.804978][ T5560] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 65.819313][ T5559] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5562] <... futex resumed>) = 0 [pid 5561] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5562] memfd_create("syzkaller", 0 [pid 5561] <... futex resumed>) = 0 [pid 5562] <... memfd_create resumed>) = 3 [pid 5562] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d9e000 [pid 5561] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81b2d7d000 [pid 5561] mprotect(0x7f81b2d7e000, 131072, PROT_READ|PROT_WRITE [pid 5562] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5561] <... mprotect resumed>) = 0 [pid 5561] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5561] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81b2d9d990, parent_tid=0x7f81b2d9d990, exit_signal=0, stack=0x7f81b2d7d000, stack_size=0x20300, tls=0x7f81b2d9d6c0}./strace-static-x86_64: Process 5563 attached => {parent_tid=[5563]}, 88) = 5563 [pid 5563] rseq(0x7f81b2d9dfe0, 0x20, 0, 0x53053053 [pid 5562] <... write resumed>) = 262144 [pid 5561] rt_sigprocmask(SIG_SETMASK, [], [pid 5563] <... rseq resumed>) = 0 [pid 5563] set_robust_list(0x7f81b2d9d9a0, 24) = 0 [pid 5561] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5561] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5563] rt_sigprocmask(SIG_SETMASK, [], [pid 5561] <... futex resumed>) = 0 [pid 5563] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5561] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5563] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5562] munmap(0x7f81b2d9e000, 262144 [pid 5563] <... open resumed>) = 4 [pid 5563] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5562] <... munmap resumed>) = 0 [pid 5563] <... futex resumed>) = 1 [pid 5561] <... futex resumed>) = 0 [pid 5561] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5561] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5563] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5563] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5562] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5563] <... futex resumed>) = 1 [pid 5561] <... futex resumed>) = 0 [pid 5562] <... openat resumed>) = 5 [pid 5561] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5563] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5562] ioctl(5, LOOP_SET_FD, 3 [pid 5561] <... futex resumed>) = 0 [pid 5561] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5563] <... open resumed>) = 6 [pid 5563] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5561] <... futex resumed>) = 0 [pid 5563] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5561] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5563] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5561] <... futex resumed>) = 0 [pid 5563] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5562] <... ioctl resumed>) = 0 [pid 5562] close(3) = 0 [pid 5562] mkdir("./file1", 0777) = 0 [pid 5562] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5561] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5563] <... write resumed>) = -1 EIO (Input/output error) [pid 5563] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5561] <... futex resumed>) = 0 [ 65.882801][ T5562] loop0: detected capacity change from 0 to 512 [ 65.889254][ T5563] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 65.889282][ T5563] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 65.889312][ T5563] I/O error, dev loop0, sector 240 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 65.917081][ T5563] Buffer I/O error on dev loop0, logical block 30, lost async page write [pid 5563] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5562] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5562] ioctl(5, LOOP_CLR_FD) = 0 [pid 5562] close(5) = 0 [pid 5562] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5562] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5561] exit_group(0) = ? [pid 5563] <... futex resumed>) = ? [pid 5562] <... futex resumed>) = ? [pid 5563] +++ exited with 0 +++ [pid 5562] +++ exited with 0 +++ [pid 5561] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5561, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./135", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./135/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./135/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./135/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./135/bus") = 0 umount2("./135/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./135/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./135/binderfs") = 0 umount2("./135/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./135/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./135/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./135/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./135") = 0 mkdir("./136", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5564 attached , child_tidptr=0x555556eda690) = 5564 [pid 5564] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5564] chdir("./136") = 0 [pid 5564] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5564] setpgid(0, 0) = 0 [pid 5564] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5564] write(3, "1000", 4) = 4 [pid 5564] close(3) = 0 [pid 5564] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5564] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5564] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5564] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5564] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5564] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5564] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5564] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0} => {parent_tid=[5565]}, 88) = 5565 [pid 5564] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5565 attached [pid 5564] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5565] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5565] set_robust_list(0x7f81bb1be9a0, 24 [pid 5564] <... futex resumed>) = 0 [pid 5565] <... set_robust_list resumed>) = 0 [pid 5564] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5565] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5564] <... futex resumed>) = 0 [pid 5565] memfd_create("syzkaller", 0 [pid 5564] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5565] <... memfd_create resumed>) = 3 [pid 5565] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5564] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5565] <... mmap resumed>) = 0x7f81b2d7d000 [ 65.928171][ T5562] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5564] <... mprotect resumed>) = 0 [pid 5564] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5564] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5566 attached => {parent_tid=[5566]}, 88) = 5566 [pid 5566] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5564] rt_sigprocmask(SIG_SETMASK, [], [pid 5566] <... rseq resumed>) = 0 [pid 5566] set_robust_list(0x7f81bb19d9a0, 24 [pid 5564] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5566] <... set_robust_list resumed>) = 0 [pid 5564] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5566] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5564] <... futex resumed>) = 0 [pid 5566] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5564] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5566] <... open resumed>) = 4 [pid 5565] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5566] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5564] <... futex resumed>) = 0 [pid 5564] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5566] <... futex resumed>) = 1 [pid 5566] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5564] <... futex resumed>) = 0 [pid 5566] <... mount resumed>) = 0 [pid 5564] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5566] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5564] <... futex resumed>) = 0 [pid 5564] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5566] <... futex resumed>) = 1 [pid 5564] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5566] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5566] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5564] <... futex resumed>) = 0 [pid 5564] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5566] <... futex resumed>) = 1 [pid 5564] <... futex resumed>) = 0 [pid 5564] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5566] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5566] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5564] <... futex resumed>) = 0 [pid 5566] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5565] <... write resumed>) = 262144 [pid 5565] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5565] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5565] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5565] close(3) = 0 [pid 5565] mkdir("./file1", 0777) = 0 [pid 5565] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5565] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5565] chdir("./file1") = 0 [pid 5565] ioctl(6, LOOP_CLR_FD) = 0 [pid 5565] close(6) = 0 [pid 5565] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5565] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5564] exit_group(0 [pid 5566] <... futex resumed>) = ? [pid 5565] <... futex resumed>) = ? [pid 5564] <... exit_group resumed>) = ? [pid 5566] +++ exited with 0 +++ [pid 5565] +++ exited with 0 +++ [pid 5564] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5564, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./136", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./136/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./136/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./136/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./136/bus") = 0 umount2("./136/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./136/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./136/binderfs") = 0 [ 65.986562][ T5565] loop0: detected capacity change from 0 to 512 [ 66.008253][ T5565] EXT4-fs (loop0): 1 orphan inode deleted [ 66.014033][ T5565] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/136/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./136/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./136/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./136/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./136/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./136/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./136") = 0 mkdir("./137", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5570 ./strace-static-x86_64: Process 5570 attached [pid 5570] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5570] chdir("./137") = 0 [pid 5570] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5570] setpgid(0, 0) = 0 [pid 5570] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5570] write(3, "1000", 4) = 4 [pid 5570] close(3) = 0 [pid 5570] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5570] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5570] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5570] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5570] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5570] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5570] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5570] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5571 attached [pid 5571] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5570] <... clone3 resumed> => {parent_tid=[5571]}, 88) = 5571 [pid 5571] <... rseq resumed>) = 0 [pid 5570] rt_sigprocmask(SIG_SETMASK, [], [pid 5571] set_robust_list(0x7f81bb1be9a0, 24 [pid 5570] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5571] <... set_robust_list resumed>) = 0 [pid 5570] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5571] rt_sigprocmask(SIG_SETMASK, [], [pid 5570] <... futex resumed>) = 0 [pid 5571] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5570] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5571] memfd_create("syzkaller", 0 [pid 5570] <... futex resumed>) = 0 [pid 5571] <... memfd_create resumed>) = 3 [pid 5571] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d9e000 [pid 5571] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5570] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5571] <... write resumed>) = 262144 [pid 5571] munmap(0x7f81b2d9e000, 262144) = 0 [pid 5571] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5571] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5571] close(3) = 0 [pid 5571] mkdir("./file1", 0777 [pid 5570] <... mmap resumed>) = 0x7f81b2dbd000 [pid 5570] mprotect(0x7f81b2dbe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5570] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5570] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81b2ddd990, parent_tid=0x7f81b2ddd990, exit_signal=0, stack=0x7f81b2dbd000, stack_size=0x20300, tls=0x7f81b2ddd6c0}./strace-static-x86_64: Process 5572 attached [pid 5572] rseq(0x7f81b2dddfe0, 0x20, 0, 0x53053053) = 0 [pid 5570] <... clone3 resumed> => {parent_tid=[5572]}, 88) = 5572 [pid 5572] set_robust_list(0x7f81b2ddd9a0, 24 [pid 5570] rt_sigprocmask(SIG_SETMASK, [], [pid 5572] <... set_robust_list resumed>) = 0 [pid 5570] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5572] rt_sigprocmask(SIG_SETMASK, [], [pid 5570] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5572] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5570] <... futex resumed>) = 0 [pid 5572] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5570] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5572] <... open resumed>) = 3 [pid 5571] <... mkdir resumed>) = 0 [pid 5572] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5571] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5572] <... futex resumed>) = 1 [pid 5570] <... futex resumed>) = 0 [pid 5572] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5570] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5572] <... futex resumed>) = 0 [pid 5570] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5572] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5572] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5570] <... futex resumed>) = 0 [pid 5570] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5572] <... futex resumed>) = 1 [pid 5572] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5570] <... futex resumed>) = 0 [pid 5570] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5572] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5570] <... futex resumed>) = 0 [pid 5570] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5572] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5570] <... futex resumed>) = 0 [pid 5570] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5572] <... write resumed>) = 262144 [pid 5572] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5570] <... futex resumed>) = 0 [pid 5572] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5571] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5571] ioctl(4, LOOP_CLR_FD) = 0 [pid 5571] close(4) = 0 [pid 5571] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5571] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5570] exit_group(0 [pid 5572] <... futex resumed>) = ? [pid 5571] <... futex resumed>) = ? [pid 5570] <... exit_group resumed>) = ? [pid 5572] +++ exited with 0 +++ [pid 5571] +++ exited with 0 +++ [pid 5570] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5570, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./137", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./137/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./137/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./137/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./137/bus") = 0 umount2("./137/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./137/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./137/binderfs") = 0 umount2("./137/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./137/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./137/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./137/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./137") = 0 mkdir("./138", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5573 ./strace-static-x86_64: Process 5573 attached [pid 5573] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5573] chdir("./138") = 0 [pid 5573] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5573] setpgid(0, 0) = 0 [pid 5573] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5573] write(3, "1000", 4) = 4 [pid 5573] close(3) = 0 [pid 5573] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5573] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5573] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5573] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5573] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5573] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5573] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5573] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5574 attached => {parent_tid=[5574]}, 88) = 5574 [pid 5574] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5573] rt_sigprocmask(SIG_SETMASK, [], [pid 5574] <... rseq resumed>) = 0 [pid 5573] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5574] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5573] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5574] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5573] <... futex resumed>) = 0 [pid 5574] memfd_create("syzkaller", 0) = 3 [pid 5573] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5574] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5573] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5574] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5573] <... mmap resumed>) = 0x7f81bb17d000 [pid 5574] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5573] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5573] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5574] <... write resumed>) = 262144 [pid 5573] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5573] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} [ 66.098525][ T5571] loop0: detected capacity change from 0 to 512 [ 66.116443][ T5571] EXT4-fs warning (device loop0): read_mmp_block:115: Error -117 while reading MMP block 8 [pid 5574] munmap(0x7f81b2d7d000, 262144./strace-static-x86_64: Process 5575 attached ) = 0 [pid 5574] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5575] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5574] <... openat resumed>) = 4 [pid 5573] <... clone3 resumed> => {parent_tid=[5575]}, 88) = 5575 [pid 5575] <... rseq resumed>) = 0 [pid 5573] rt_sigprocmask(SIG_SETMASK, [], [pid 5575] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5573] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5575] rt_sigprocmask(SIG_SETMASK, [], [pid 5574] ioctl(4, LOOP_SET_FD, 3 [pid 5575] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5573] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5575] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5573] <... futex resumed>) = 0 [pid 5573] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5574] <... ioctl resumed>) = 0 [pid 5574] close(3) = 0 [pid 5574] mkdir("./file1", 0777 [pid 5575] <... open resumed>) = 5 [pid 5575] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5574] <... mkdir resumed>) = 0 [pid 5573] <... futex resumed>) = 0 [pid 5575] <... futex resumed>) = 1 [pid 5573] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5575] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5573] <... futex resumed>) = 0 [pid 5574] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5573] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5575] <... mount resumed>) = 0 [pid 5575] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5573] <... futex resumed>) = 0 [pid 5575] <... futex resumed>) = 1 [pid 5573] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5575] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5573] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5575] <... open resumed>) = 3 [pid 5575] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5573] <... futex resumed>) = 0 [pid 5575] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5573] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5575] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5573] <... futex resumed>) = 0 [pid 5575] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5573] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5575] <... write resumed>) = 262144 [pid 5575] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5573] <... futex resumed>) = 0 [pid 5575] <... futex resumed>) = 1 [pid 5575] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5574] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5574] ioctl(4, LOOP_CLR_FD) = 0 [pid 5574] close(4) = 0 [pid 5574] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5574] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5573] exit_group(0 [pid 5575] <... futex resumed>) = ? [pid 5575] +++ exited with 0 +++ [pid 5573] <... exit_group resumed>) = ? [pid 5574] <... futex resumed>) = ? [pid 5574] +++ exited with 0 +++ [pid 5573] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5573, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./138", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./138/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./138/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./138/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./138/bus") = 0 umount2("./138/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./138/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./138/binderfs") = 0 umount2("./138/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./138/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./138/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 66.180405][ T5574] loop0: detected capacity change from 0 to 512 [ 66.192765][ T5574] EXT4-fs (loop0): Magic mismatch, very weird! rmdir("./138/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./138") = 0 mkdir("./139", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5576 attached , child_tidptr=0x555556eda690) = 5576 [pid 5576] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5576] chdir("./139") = 0 [pid 5576] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5576] setpgid(0, 0) = 0 [pid 5576] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5576] write(3, "1000", 4) = 4 [pid 5576] close(3) = 0 [pid 5576] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5576] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5576] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5576] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5576] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5576] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5576] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5576] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5577 attached => {parent_tid=[5577]}, 88) = 5577 [pid 5576] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5577] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5577] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5576] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5577] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5576] <... futex resumed>) = 0 [pid 5577] memfd_create("syzkaller", 0) = 3 [pid 5576] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5577] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d9e000 [pid 5576] <... futex resumed>) = 0 [pid 5576] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81b2d7d000 [pid 5576] mprotect(0x7f81b2d7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5576] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5576] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81b2d9d990, parent_tid=0x7f81b2d9d990, exit_signal=0, stack=0x7f81b2d7d000, stack_size=0x20300, tls=0x7f81b2d9d6c0}./strace-static-x86_64: Process 5578 attached [pid 5578] rseq(0x7f81b2d9dfe0, 0x20, 0, 0x53053053 [pid 5577] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5576] <... clone3 resumed> => {parent_tid=[5578]}, 88) = 5578 [pid 5578] <... rseq resumed>) = 0 [pid 5576] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5578] set_robust_list(0x7f81b2d9d9a0, 24 [pid 5576] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5578] <... set_robust_list resumed>) = 0 [pid 5578] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5578] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5577] <... write resumed>) = 262144 [pid 5576] <... futex resumed>) = 0 [pid 5578] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5576] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5578] <... futex resumed>) = 0 [pid 5578] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5577] munmap(0x7f81b2d9e000, 262144 [pid 5576] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5576] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5578] <... futex resumed>) = 0 [pid 5576] <... futex resumed>) = 1 [pid 5578] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5576] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5578] <... mount resumed>) = 0 [pid 5577] <... munmap resumed>) = 0 [pid 5577] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5578] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5576] <... futex resumed>) = 0 [pid 5578] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5576] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5577] ioctl(5, LOOP_SET_FD, 3 [pid 5578] <... open resumed>) = 6 [pid 5576] <... futex resumed>) = 0 [pid 5578] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5576] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5578] <... futex resumed>) = 0 [pid 5577] <... ioctl resumed>) = 0 [pid 5578] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5576] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5577] close(3 [pid 5576] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5577] <... close resumed>) = 0 [pid 5578] <... futex resumed>) = 0 [pid 5576] <... futex resumed>) = 1 [pid 5578] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5576] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5577] mkdir("./file1", 0777) = 0 [pid 5577] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5578] <... write resumed>) = 262144 [pid 5578] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5576] <... futex resumed>) = 0 [pid 5578] <... futex resumed>) = 1 [pid 5578] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5577] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5577] ioctl(5, LOOP_CLR_FD) = 0 [pid 5577] close(5) = 0 [pid 5577] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5577] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5576] exit_group(0 [pid 5578] <... futex resumed>) = ? [pid 5577] <... futex resumed>) = ? [pid 5576] <... exit_group resumed>) = ? [pid 5578] +++ exited with 0 +++ [pid 5577] +++ exited with 0 +++ [pid 5576] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5576, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./139", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./139/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./139/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./139/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./139/bus") = 0 umount2("./139/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./139/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./139/binderfs") = 0 umount2("./139/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./139/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./139/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./139/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./139") = 0 mkdir("./140", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5579 attached [pid 5579] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5579] chdir("./140") = 0 [pid 5579] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5024] <... clone resumed>, child_tidptr=0x555556eda690) = 5579 [pid 5579] <... prctl resumed>) = 0 [pid 5579] setpgid(0, 0) = 0 [pid 5579] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5579] write(3, "1000", 4) = 4 [pid 5579] close(3) = 0 [pid 5579] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5579] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5579] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5579] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5579] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5579] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [ 66.272064][ T5577] loop0: detected capacity change from 0 to 512 [ 66.288140][ T5577] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5579] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5579] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0} => {parent_tid=[5580]}, 88) = 5580 [pid 5579] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5580 attached NULL, 8) = 0 [pid 5580] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5579] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5580] set_robust_list(0x7f81bb1be9a0, 24 [pid 5579] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5579] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5579] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5579] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5580] <... set_robust_list resumed>) = 0 [pid 5580] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5580] memfd_create("syzkaller", 0 [pid 5579] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5579] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5581 attached => {parent_tid=[5581]}, 88) = 5581 [pid 5581] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5580] <... memfd_create resumed>) = 3 [pid 5579] rt_sigprocmask(SIG_SETMASK, [], [pid 5581] <... rseq resumed>) = 0 [pid 5579] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5581] set_robust_list(0x7f81bb19d9a0, 24 [pid 5580] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5579] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5581] <... set_robust_list resumed>) = 0 [pid 5580] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5579] <... futex resumed>) = 0 [pid 5581] rt_sigprocmask(SIG_SETMASK, [], [pid 5579] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5581] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5581] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5581] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5579] <... futex resumed>) = 0 [pid 5579] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5581] <... futex resumed>) = 1 [pid 5579] <... futex resumed>) = 0 [pid 5579] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5581] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5580] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5581] <... mount resumed>) = 0 [pid 5581] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5579] <... futex resumed>) = 0 [pid 5581] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5579] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5581] <... open resumed>) = 5 [pid 5579] <... futex resumed>) = 0 [pid 5579] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5581] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5579] <... futex resumed>) = 0 [pid 5581] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5579] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5581] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5581] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5579] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5581] <... futex resumed>) = 0 [pid 5579] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5581] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5580] <... write resumed>) = 262144 [pid 5580] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5580] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5580] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5580] close(3) = 0 [pid 5580] mkdir("./file1", 0777) = 0 [pid 5580] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5580] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5580] chdir("./file1") = 0 [pid 5580] ioctl(6, LOOP_CLR_FD) = 0 [pid 5580] close(6) = 0 [pid 5580] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5580] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5579] exit_group(0) = ? [pid 5580] <... futex resumed>) = ? [pid 5580] +++ exited with 0 +++ [pid 5581] <... futex resumed>) = ? [pid 5581] +++ exited with 0 +++ [pid 5579] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5579, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./140", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./140/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./140/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./140/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./140/bus") = 0 umount2("./140/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./140/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./140/binderfs") = 0 umount2("./140/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./140/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./140/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./140/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./140/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./140") = 0 mkdir("./141", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5584 attached [pid 5584] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5584] chdir("./141") = 0 [pid 5584] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5584] setpgid(0, 0) = 0 [pid 5584] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5024] <... clone resumed>, child_tidptr=0x555556eda690) = 5584 [pid 5584] <... openat resumed>) = 3 [pid 5584] write(3, "1000", 4) = 4 [pid 5584] close(3) = 0 [pid 5584] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5584] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5584] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5584] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5584] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5584] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5584] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 66.347119][ T5580] loop0: detected capacity change from 0 to 512 [ 66.368273][ T5580] EXT4-fs (loop0): 1 orphan inode deleted [ 66.374231][ T5580] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/140/file1 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5584] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5585 attached => {parent_tid=[5585]}, 88) = 5585 [pid 5585] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5585] set_robust_list(0x7f81bb1be9a0, 24 [pid 5584] rt_sigprocmask(SIG_SETMASK, [], [pid 5585] <... set_robust_list resumed>) = 0 [pid 5584] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5585] rt_sigprocmask(SIG_SETMASK, [], [pid 5584] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5585] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5585] memfd_create("syzkaller", 0 [pid 5584] <... futex resumed>) = 0 [pid 5585] <... memfd_create resumed>) = 3 [pid 5584] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5585] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5584] <... futex resumed>) = 0 [pid 5585] <... mmap resumed>) = 0x7f81b2d9e000 [pid 5584] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5585] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5584] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5584] mprotect(0x7f81b2d7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5584] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5584] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81b2d9d990, parent_tid=0x7f81b2d9d990, exit_signal=0, stack=0x7f81b2d7d000, stack_size=0x20300, tls=0x7f81b2d9d6c0} => {parent_tid=[5586]}, 88) = 5586 [pid 5584] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5584] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5584] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5586 attached [pid 5586] rseq(0x7f81b2d9dfe0, 0x20, 0, 0x53053053) = 0 [pid 5586] set_robust_list(0x7f81b2d9d9a0, 24) = 0 [pid 5586] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5586] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5585] <... write resumed>) = 262144 [pid 5585] munmap(0x7f81b2d9e000, 262144 [pid 5586] <... open resumed>) = 4 [pid 5585] <... munmap resumed>) = 0 [pid 5585] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5585] ioctl(5, LOOP_SET_FD, 3 [pid 5586] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5586] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5584] <... futex resumed>) = 0 [pid 5584] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5586] <... futex resumed>) = 0 [pid 5584] <... futex resumed>) = 1 [pid 5586] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5584] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5586] <... mount resumed>) = 0 [pid 5586] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5584] <... futex resumed>) = 0 [pid 5584] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5584] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5586] <... futex resumed>) = 1 [pid 5586] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5586] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5585] <... ioctl resumed>) = 0 [pid 5584] <... futex resumed>) = 0 [pid 5586] <... futex resumed>) = 1 [pid 5584] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5586] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5585] close(3 [pid 5584] <... futex resumed>) = 0 [pid 5585] <... close resumed>) = 0 [pid 5584] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5585] mkdir("./file1", 0777) = 0 [pid 5585] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5586] <... write resumed>) = 262144 [pid 5586] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5584] <... futex resumed>) = 0 [pid 5586] <... futex resumed>) = 1 [pid 5586] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5585] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5585] ioctl(5, LOOP_CLR_FD) = 0 [pid 5585] close(5) = 0 [pid 5585] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5585] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5584] exit_group(0) = ? [pid 5586] <... futex resumed>) = ? [pid 5586] +++ exited with 0 +++ [pid 5585] <... futex resumed>) = ? [pid 5585] +++ exited with 0 +++ [pid 5584] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5584, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./141", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./141/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./141/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./141/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./141/bus") = 0 umount2("./141/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./141/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./141/binderfs") = 0 umount2("./141/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./141/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./141/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./141/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./141") = 0 mkdir("./142", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5587 ./strace-static-x86_64: Process 5587 attached [pid 5587] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5587] chdir("./142") = 0 [ 66.437492][ T5585] loop0: detected capacity change from 0 to 512 [ 66.452736][ T5585] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5587] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5587] setpgid(0, 0) = 0 [pid 5587] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5587] write(3, "1000", 4) = 4 [pid 5587] close(3) = 0 [pid 5587] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5587] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5587] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5587] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5587] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5587] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5587] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5587] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5588 attached [pid 5588] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5587] <... clone3 resumed> => {parent_tid=[5588]}, 88) = 5588 [pid 5588] <... rseq resumed>) = 0 [pid 5587] rt_sigprocmask(SIG_SETMASK, [], [pid 5588] set_robust_list(0x7f81bb1be9a0, 24 [pid 5587] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5587] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5588] <... set_robust_list resumed>) = 0 [pid 5587] <... futex resumed>) = 0 [pid 5588] rt_sigprocmask(SIG_SETMASK, [], [pid 5587] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5588] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5587] <... futex resumed>) = 0 [pid 5588] memfd_create("syzkaller", 0 [pid 5587] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5588] <... memfd_create resumed>) = 3 [pid 5587] <... mmap resumed>) = 0x7f81bb17d000 [pid 5588] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5587] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5588] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5587] <... mprotect resumed>) = 0 [pid 5587] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5588] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5587] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5587] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5589 attached => {parent_tid=[5589]}, 88) = 5589 [pid 5587] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5587] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5588] <... write resumed>) = 262144 [pid 5589] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5589] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5589] rt_sigprocmask(SIG_SETMASK, [], [pid 5588] munmap(0x7f81b2d7d000, 262144 [pid 5587] <... futex resumed>) = 0 [pid 5589] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5587] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5588] <... munmap resumed>) = 0 [pid 5589] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5588] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5588] ioctl(5, LOOP_SET_FD, 3 [pid 5589] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5589] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5587] <... futex resumed>) = 0 [pid 5587] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5589] <... futex resumed>) = 0 [pid 5589] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5587] <... futex resumed>) = 1 [pid 5587] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5589] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5587] <... futex resumed>) = 0 [pid 5587] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5589] <... futex resumed>) = 1 [pid 5587] <... futex resumed>) = 0 [pid 5589] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5587] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5589] <... open resumed>) = 6 [pid 5589] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5587] <... futex resumed>) = 0 [pid 5587] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5589] <... futex resumed>) = 1 [pid 5587] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5589] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5588] <... ioctl resumed>) = 0 [pid 5588] close(3) = 0 [pid 5588] mkdir("./file1", 0777) = 0 [pid 5588] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5589] <... write resumed>) = 262144 [pid 5589] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5589] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5587] <... futex resumed>) = 0 [pid 5588] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5588] ioctl(5, LOOP_CLR_FD) = 0 [pid 5588] close(5) = 0 [pid 5588] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5587] exit_group(0 [pid 5588] <... futex resumed>) = ? [pid 5587] <... exit_group resumed>) = ? [pid 5589] <... futex resumed>) = ? [pid 5588] +++ exited with 0 +++ [pid 5589] +++ exited with 0 +++ [pid 5587] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5587, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./142", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./142/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./142/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./142/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./142/bus") = 0 umount2("./142/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./142/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./142/binderfs") = 0 umount2("./142/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./142/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./142/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./142/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./142") = 0 mkdir("./143", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5590 attached , child_tidptr=0x555556eda690) = 5590 [pid 5590] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5590] chdir("./143") = 0 [pid 5590] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5590] setpgid(0, 0) = 0 [pid 5590] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5590] write(3, "1000", 4) = 4 [pid 5590] close(3) = 0 [pid 5590] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5590] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5590] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5590] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5590] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5590] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5590] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5590] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5591 attached [pid 5591] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5590] <... clone3 resumed> => {parent_tid=[5591]}, 88) = 5591 [pid 5591] <... rseq resumed>) = 0 [pid 5590] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5590] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5590] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5590] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5590] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5591] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5591] rt_sigprocmask(SIG_SETMASK, [], [pid 5590] <... mprotect resumed>) = 0 [pid 5591] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5591] memfd_create("syzkaller", 0 [pid 5590] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5591] <... memfd_create resumed>) = 3 [pid 5590] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5591] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5590] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5592 attached [pid 5592] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5592] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5592] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5592] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5591] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5590] <... clone3 resumed> => {parent_tid=[5592]}, 88) = 5592 [ 66.520772][ T5588] loop0: detected capacity change from 0 to 512 [ 66.538768][ T5588] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5590] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5590] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5592] <... futex resumed>) = 0 [pid 5590] <... futex resumed>) = 1 [pid 5592] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5590] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5592] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5590] <... futex resumed>) = 0 [pid 5590] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5590] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5592] <... futex resumed>) = 1 [pid 5591] <... write resumed>) = 262144 [pid 5591] munmap(0x7f81b2d7d000, 262144 [pid 5592] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5591] <... munmap resumed>) = 0 [pid 5591] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5591] ioctl(5, LOOP_SET_FD, 3 [pid 5592] <... mount resumed>) = 0 [pid 5592] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5590] <... futex resumed>) = 0 [pid 5590] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5592] <... futex resumed>) = 1 [pid 5590] <... futex resumed>) = 0 [pid 5592] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5590] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5592] <... open resumed>) = 6 [pid 5592] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5590] <... futex resumed>) = 0 [pid 5592] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5590] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5591] <... ioctl resumed>) = 0 [pid 5590] <... futex resumed>) = 0 [pid 5590] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5591] close(3) = 0 [pid 5591] mkdir("./file1", 0777) = 0 [pid 5591] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5592] <... write resumed>) = -1 EIO (Input/output error) [pid 5592] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5591] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5592] <... futex resumed>) = 1 [pid 5590] <... futex resumed>) = 0 [pid 5592] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5591] ioctl(5, LOOP_CLR_FD) = 0 [pid 5591] close(5) = 0 [pid 5591] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5590] exit_group(0 [pid 5591] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5590] <... exit_group resumed>) = ? [pid 5592] <... futex resumed>) = ? [pid 5591] +++ exited with 0 +++ [pid 5592] +++ exited with 0 +++ [pid 5590] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5590, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./143", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./143/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./143/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./143/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./143/bus") = 0 umount2("./143/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./143/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./143/binderfs") = 0 umount2("./143/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./143/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./143/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./143/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./143") = 0 mkdir("./144", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5593 attached , child_tidptr=0x555556eda690) = 5593 [pid 5593] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5593] chdir("./144") = 0 [pid 5593] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5593] setpgid(0, 0) = 0 [pid 5593] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5593] write(3, "1000", 4) = 4 [pid 5593] close(3) = 0 [pid 5593] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5593] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5593] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5593] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5593] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5593] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5593] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5593] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5594 attached => {parent_tid=[5594]}, 88) = 5594 [pid 5594] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5594] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5593] rt_sigprocmask(SIG_SETMASK, [], [pid 5594] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 66.586075][ T5591] loop0: detected capacity change from 0 to 512 [ 66.591578][ T5592] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 66.602795][ T5592] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 66.614352][ T5591] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5594] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5593] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5593] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5594] <... futex resumed>) = 0 [pid 5594] memfd_create("syzkaller", 0) = 3 [pid 5594] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d9e000 [pid 5593] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5593] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81b2d7d000 [pid 5593] mprotect(0x7f81b2d7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5593] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5593] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81b2d9d990, parent_tid=0x7f81b2d9d990, exit_signal=0, stack=0x7f81b2d7d000, stack_size=0x20300, tls=0x7f81b2d9d6c0}./strace-static-x86_64: Process 5595 attached => {parent_tid=[5595]}, 88) = 5595 [pid 5593] rt_sigprocmask(SIG_SETMASK, [], [pid 5595] rseq(0x7f81b2d9dfe0, 0x20, 0, 0x53053053 [pid 5593] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5593] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5595] <... rseq resumed>) = 0 [pid 5595] set_robust_list(0x7f81b2d9d9a0, 24) = 0 [pid 5593] <... futex resumed>) = 0 [pid 5595] rt_sigprocmask(SIG_SETMASK, [], [pid 5593] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5595] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5595] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5594] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5595] <... open resumed>) = 4 [pid 5595] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5593] <... futex resumed>) = 0 [pid 5595] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5593] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5595] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5593] <... futex resumed>) = 0 [pid 5595] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5593] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5595] <... mount resumed>) = 0 [pid 5595] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5593] <... futex resumed>) = 0 [pid 5595] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5593] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5595] <... open resumed>) = 5 [pid 5594] <... write resumed>) = 262144 [pid 5593] <... futex resumed>) = 0 [pid 5595] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5593] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5595] <... futex resumed>) = 0 [pid 5593] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5595] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5593] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5594] munmap(0x7f81b2d9e000, 262144 [pid 5595] <... futex resumed>) = 0 [pid 5593] <... futex resumed>) = 1 [pid 5595] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5594] <... munmap resumed>) = 0 [pid 5593] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5595] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5594] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5594] ioctl(6, LOOP_SET_FD, 3 [pid 5595] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5593] <... futex resumed>) = 0 [pid 5595] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5594] <... ioctl resumed>) = 0 [pid 5594] close(3) = 0 [pid 5594] mkdir("./file1", 0777) = 0 [pid 5594] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5594] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5594] chdir("./file1") = 0 [pid 5594] ioctl(6, LOOP_CLR_FD) = 0 [pid 5594] close(6) = 0 [pid 5594] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5594] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5593] exit_group(0 [pid 5595] <... futex resumed>) = ? [pid 5594] <... futex resumed>) = ? [pid 5593] <... exit_group resumed>) = ? [pid 5595] +++ exited with 0 +++ [pid 5594] +++ exited with 0 +++ [pid 5593] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5593, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./144", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./144/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./144/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./144/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./144/bus") = 0 umount2("./144/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./144/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./144/binderfs") = 0 [ 66.678876][ T5594] loop0: detected capacity change from 0 to 512 [ 66.708024][ T5594] EXT4-fs (loop0): 1 orphan inode deleted [ 66.713964][ T5594] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/144/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./144/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./144/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./144/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./144/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./144/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./144") = 0 mkdir("./145", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5598 attached [pid 5598] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5598] chdir("./145") = 0 [pid 5598] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5598] setpgid(0, 0) = 0 [pid 5598] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5598] write(3, "1000", 4) = 4 [pid 5598] close(3) = 0 [pid 5598] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5024] <... clone resumed>, child_tidptr=0x555556eda690) = 5598 [pid 5598] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5598] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5598] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5598] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5598] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5598] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5598] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5599 attached => {parent_tid=[5599]}, 88) = 5599 [pid 5598] rt_sigprocmask(SIG_SETMASK, [], [pid 5599] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5598] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5599] <... rseq resumed>) = 0 [pid 5598] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5599] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5598] <... futex resumed>) = 0 [pid 5599] rt_sigprocmask(SIG_SETMASK, [], [pid 5598] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5599] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5599] memfd_create("syzkaller", 0 [pid 5598] <... futex resumed>) = 0 [pid 5598] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5598] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5598] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5598] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5600]}, 88) = 5600 [pid 5598] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5598] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5598] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5600 attached [pid 5600] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5600] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5600] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5600] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 3 [pid 5600] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5600] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5598] <... futex resumed>) = 0 [pid 5598] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5600] <... futex resumed>) = 0 [pid 5600] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5598] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5600] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5598] <... futex resumed>) = 0 [pid 5598] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5598] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5600] <... futex resumed>) = 1 [pid 5600] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 4 [pid 5600] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5598] <... futex resumed>) = 0 [pid 5598] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5600] <... futex resumed>) = 1 [pid 5598] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5600] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5600] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5598] <... futex resumed>) = 0 [pid 5600] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5599] <... memfd_create resumed>) = 5 [pid 5599] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5599] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5599] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5599] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5599] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 5599] close(5) = 0 [pid 5599] mkdir("./file1", 0777) = 0 [ 66.787491][ T5599] __do_sys_memfd_create: 41 callbacks suppressed [ 66.787505][ T5599] syz-executor212[5599]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 66.803891][ T28] kauditd_printk_skb: 41 callbacks suppressed [ 66.803903][ T28] audit: type=1800 audit(1693866697.541:147): pid=5600 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 66.819538][ T5599] loop0: detected capacity change from 0 to 512 [pid 5599] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5599] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 5 [pid 5599] chdir("./file1") = 0 [pid 5599] ioctl(6, LOOP_CLR_FD) = 0 [pid 5599] close(6) = 0 [pid 5599] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5599] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5598] exit_group(0 [pid 5600] <... futex resumed>) = ? [pid 5599] <... futex resumed>) = ? [pid 5600] +++ exited with 0 +++ [pid 5599] +++ exited with 0 +++ [pid 5598] <... exit_group resumed>) = ? [pid 5598] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5598, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./145", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./145", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./145/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./145/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./145/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./145/bus") = 0 umount2("./145/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./145/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./145/binderfs") = 0 umount2("./145/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./145/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./145/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./145/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./145/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./145/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./145") = 0 mkdir("./146", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5604 attached [pid 5604] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5604] chdir("./146") = 0 [pid 5604] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5604] setpgid(0, 0) = 0 [pid 5604] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5024] <... clone resumed>, child_tidptr=0x555556eda690) = 5604 [pid 5604] write(3, "1000", 4) = 4 [pid 5604] close(3) = 0 [pid 5604] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5604] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5604] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5604] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5604] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5604] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [ 66.847944][ T5599] EXT4-fs (loop0): 1 orphan inode deleted [ 66.853985][ T5599] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/145/file1 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5604] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5604] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5605 attached => {parent_tid=[5605]}, 88) = 5605 [pid 5605] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5604] rt_sigprocmask(SIG_SETMASK, [], [pid 5605] <... rseq resumed>) = 0 [pid 5604] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5604] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5605] set_robust_list(0x7f81bb1be9a0, 24 [pid 5604] <... futex resumed>) = 0 [pid 5605] <... set_robust_list resumed>) = 0 [pid 5605] rt_sigprocmask(SIG_SETMASK, [], [pid 5604] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5605] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5604] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5605] memfd_create("syzkaller", 0 [pid 5604] <... mmap resumed>) = 0x7f81bb17d000 [pid 5604] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5604] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5604] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5606]}, 88) = 5606 [pid 5604] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5604] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5604] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5605] <... memfd_create resumed>) = 3 [pid 5605] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 ./strace-static-x86_64: Process 5606 attached [pid 5606] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5606] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5605] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5606] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5606] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5605] <... write resumed>) = 262144 [pid 5605] munmap(0x7f81b2d7d000, 262144 [pid 5606] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5605] <... munmap resumed>) = 0 [pid 5606] <... futex resumed>) = 1 [pid 5605] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5606] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5604] <... futex resumed>) = 0 [pid 5604] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5606] <... futex resumed>) = 0 [pid 5604] <... futex resumed>) = 1 [pid 5606] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5604] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5606] <... mount resumed>) = 0 [pid 5606] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5605] <... openat resumed>) = 5 [pid 5606] <... futex resumed>) = 1 [pid 5605] ioctl(5, LOOP_SET_FD, 3 [pid 5604] <... futex resumed>) = 0 [pid 5606] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5604] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5606] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5604] <... futex resumed>) = 0 [pid 5606] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5606] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5606] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5604] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5604] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5606] <... futex resumed>) = 0 [pid 5604] <... futex resumed>) = 1 [pid 5606] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 66.915784][ T5605] syz-executor212[5605]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 66.929864][ T28] audit: type=1800 audit(1693866697.671:148): pid=5606 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [pid 5604] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5605] <... ioctl resumed>) = 0 [pid 5605] close(3) = 0 [pid 5605] mkdir("./file1", 0777) = 0 [pid 5605] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5606] <... write resumed>) = 262144 [pid 5606] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5604] <... futex resumed>) = 0 [pid 5606] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5605] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5605] ioctl(5, LOOP_CLR_FD) = 0 [pid 5605] close(5) = 0 [pid 5605] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5604] exit_group(0 [pid 5605] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5604] <... exit_group resumed>) = ? [pid 5606] <... futex resumed>) = ? [pid 5606] +++ exited with 0 +++ [pid 5605] +++ exited with 0 +++ [pid 5604] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5604, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./146", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./146", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./146/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./146/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./146/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./146/bus") = 0 umount2("./146/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./146/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./146/binderfs") = 0 umount2("./146/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./146/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./146/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./146/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./146/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./146") = 0 mkdir("./147", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5607 attached [pid 5607] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5024] <... clone resumed>, child_tidptr=0x555556eda690) = 5607 [pid 5607] chdir("./147") = 0 [pid 5607] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5607] setpgid(0, 0) = 0 [pid 5607] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5607] write(3, "1000", 4) = 4 [pid 5607] close(3) = 0 [pid 5607] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5607] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5607] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5607] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5607] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5607] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5607] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5607] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5608 attached => {parent_tid=[5608]}, 88) = 5608 [pid 5608] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5607] rt_sigprocmask(SIG_SETMASK, [], [pid 5608] <... rseq resumed>) = 0 [pid 5608] set_robust_list(0x7f81bb1be9a0, 24 [pid 5607] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5608] <... set_robust_list resumed>) = 0 [pid 5607] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5608] rt_sigprocmask(SIG_SETMASK, [], [pid 5607] <... futex resumed>) = 0 [pid 5608] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5607] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5607] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5608] memfd_create("syzkaller", 0 [pid 5607] <... mmap resumed>) = 0x7f81bb17d000 [ 66.961881][ T5605] loop0: detected capacity change from 0 to 512 [ 66.973739][ T5605] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5607] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5608] <... memfd_create resumed>) = 3 [pid 5608] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5608] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5608] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5608] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5607] <... mprotect resumed>) = 0 [pid 5607] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5607] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5609 attached [pid 5609] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5607] <... clone3 resumed> => {parent_tid=[5609]}, 88) = 5609 [pid 5609] <... rseq resumed>) = 0 [pid 5607] rt_sigprocmask(SIG_SETMASK, [], [pid 5609] set_robust_list(0x7f81bb19d9a0, 24 [pid 5607] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5609] <... set_robust_list resumed>) = 0 [pid 5607] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5609] rt_sigprocmask(SIG_SETMASK, [], [pid 5607] <... futex resumed>) = 0 [pid 5609] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5607] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5609] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5608] <... openat resumed>) = 5 [pid 5609] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5607] <... futex resumed>) = 0 [pid 5609] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5607] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5609] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5607] <... futex resumed>) = 0 [pid 5609] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5607] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5609] <... mount resumed>) = 0 [pid 5609] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5607] <... futex resumed>) = 0 [pid 5607] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5607] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5609] <... futex resumed>) = 1 [pid 5609] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5609] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5607] <... futex resumed>) = 0 [pid 5609] <... futex resumed>) = 1 [pid 5607] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5609] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5607] <... futex resumed>) = 0 [pid 5609] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5607] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5609] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5607] <... futex resumed>) = 0 [pid 5609] <... futex resumed>) = 1 [pid 5609] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5608] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 5608] close(3) = 0 [pid 5608] mkdir("./file1", 0777) = 0 [ 67.020973][ T5608] syz-executor212[5608]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 67.038180][ T28] audit: type=1800 audit(1693866697.781:149): pid=5609 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 67.059063][ T5608] loop0: detected capacity change from 0 to 512 [pid 5608] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5608] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5608] chdir("./file1") = 0 [pid 5608] ioctl(5, LOOP_CLR_FD) = 0 [pid 5608] close(5) = 0 [pid 5608] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5608] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5607] exit_group(0) = ? [pid 5609] <... futex resumed>) = ? [pid 5608] <... futex resumed>) = ? [pid 5609] +++ exited with 0 +++ [pid 5608] +++ exited with 0 +++ [pid 5607] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5607, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./147", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./147", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./147/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./147/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./147/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./147/bus") = 0 umount2("./147/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./147/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./147/binderfs") = 0 umount2("./147/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./147/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./147/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./147/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./147/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 67.078200][ T5608] EXT4-fs (loop0): 1 orphan inode deleted [ 67.083992][ T5608] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/147/file1 supports timestamps until 2038-01-19 (0x7fffffff) rmdir("./147/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./147") = 0 mkdir("./148", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5612 attached , child_tidptr=0x555556eda690) = 5612 [pid 5612] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5612] chdir("./148") = 0 [pid 5612] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5612] setpgid(0, 0) = 0 [pid 5612] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5612] write(3, "1000", 4) = 4 [pid 5612] close(3) = 0 [pid 5612] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5612] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5612] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5612] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5612] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5612] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5612] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5612] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5613 attached => {parent_tid=[5613]}, 88) = 5613 [pid 5612] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5612] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5612] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5612] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5612] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5613] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5612] <... mprotect resumed>) = 0 [pid 5612] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5613] set_robust_list(0x7f81bb1be9a0, 24 [pid 5612] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5612] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} [pid 5613] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 5614 attached [pid 5613] rt_sigprocmask(SIG_SETMASK, [], [pid 5612] <... clone3 resumed> => {parent_tid=[5614]}, 88) = 5614 [pid 5612] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5612] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5614] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5613] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5614] <... rseq resumed>) = 0 [pid 5612] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5614] set_robust_list(0x7f81bb19d9a0, 24 [pid 5613] memfd_create("syzkaller", 0 [pid 5614] <... set_robust_list resumed>) = 0 [pid 5614] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5614] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 3 [pid 5613] <... memfd_create resumed>) = 4 [pid 5614] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5613] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5614] <... futex resumed>) = 1 [pid 5614] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5613] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5612] <... futex resumed>) = 0 [pid 5612] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5614] <... futex resumed>) = 0 [pid 5612] <... futex resumed>) = 1 [pid 5614] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5612] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5614] <... mount resumed>) = 0 [pid 5614] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5612] <... futex resumed>) = 0 [pid 5614] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5612] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5614] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5612] <... futex resumed>) = 0 [pid 5614] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5612] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5614] <... open resumed>) = 5 [pid 5614] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5612] <... futex resumed>) = 0 [pid 5614] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5612] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5614] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5612] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5614] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5612] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5614] <... futex resumed>) = 0 [pid 5614] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5613] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5613] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5613] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5613] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 5613] close(4) = 0 [pid 5613] mkdir("./file1", 0777) = 0 [ 67.162014][ T5613] syz-executor212[5613]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 67.164077][ T28] audit: type=1800 audit(1693866697.901:150): pid=5614 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 67.200187][ T5613] loop0: detected capacity change from 0 to 512 [pid 5613] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5613] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5613] chdir("./file1") = 0 [pid 5613] ioctl(6, LOOP_CLR_FD) = 0 [pid 5613] close(6) = 0 [pid 5613] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5613] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5612] exit_group(0 [pid 5614] <... futex resumed>) = ? [pid 5613] <... futex resumed>) = ? [pid 5612] <... exit_group resumed>) = ? [pid 5614] +++ exited with 0 +++ [pid 5613] +++ exited with 0 +++ [pid 5612] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5612, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./148", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./148", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./148/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./148/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./148/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./148/bus") = 0 umount2("./148/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./148/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./148/binderfs") = 0 umount2("./148/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./148/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./148/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./148/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./148/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./148/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 [ 67.217986][ T5613] EXT4-fs (loop0): 1 orphan inode deleted [ 67.223995][ T5613] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/148/file1 supports timestamps until 2038-01-19 (0x7fffffff) close(3) = 0 rmdir("./148") = 0 mkdir("./149", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5617 ./strace-static-x86_64: Process 5617 attached [pid 5617] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5617] chdir("./149") = 0 [pid 5617] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5617] setpgid(0, 0) = 0 [pid 5617] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5617] write(3, "1000", 4) = 4 [pid 5617] close(3) = 0 [pid 5617] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5617] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5617] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5617] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5617] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5617] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5617] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5617] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5618 attached => {parent_tid=[5618]}, 88) = 5618 [pid 5618] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5617] rt_sigprocmask(SIG_SETMASK, [], [pid 5618] <... rseq resumed>) = 0 [pid 5617] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5618] set_robust_list(0x7f81bb1be9a0, 24 [pid 5617] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5618] <... set_robust_list resumed>) = 0 [pid 5618] rt_sigprocmask(SIG_SETMASK, [], [pid 5617] <... futex resumed>) = 0 [pid 5618] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5617] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5618] memfd_create("syzkaller", 0 [pid 5617] <... futex resumed>) = 0 [pid 5617] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5617] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5617] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5617] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5619]}, 88) = 5619 [pid 5617] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5617] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5617] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5619 attached [pid 5619] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5619] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5619] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5619] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 3 [pid 5618] <... memfd_create resumed>) = 4 [pid 5619] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5618] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5619] <... futex resumed>) = 1 [pid 5619] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5618] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5617] <... futex resumed>) = 0 [pid 5617] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5619] <... futex resumed>) = 0 [pid 5617] <... futex resumed>) = 1 [pid 5619] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5617] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5619] <... mount resumed>) = 0 [pid 5619] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5617] <... futex resumed>) = 0 [pid 5619] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5617] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5619] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5617] <... futex resumed>) = 0 [pid 5619] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5617] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5619] <... open resumed>) = 5 [pid 5619] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5617] <... futex resumed>) = 0 [pid 5617] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5619] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5617] <... futex resumed>) = 0 [pid 5619] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5617] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5619] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5617] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5619] <... futex resumed>) = 0 [pid 5619] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5618] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5618] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5618] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5618] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 5618] close(4) = 0 [pid 5618] mkdir("./file1", 0777) = 0 [ 67.296740][ T5618] syz-executor212[5618]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 67.305607][ T28] audit: type=1800 audit(1693866698.051:151): pid=5619 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 67.334527][ T5618] loop0: detected capacity change from 0 to 512 [pid 5618] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5618] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5618] chdir("./file1") = 0 [pid 5618] ioctl(6, LOOP_CLR_FD) = 0 [pid 5618] close(6) = 0 [pid 5618] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5617] exit_group(0) = ? [pid 5619] <... futex resumed>) = ? [pid 5619] +++ exited with 0 +++ [pid 5618] +++ exited with 0 +++ [pid 5617] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5617, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./149", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./149", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./149/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./149/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./149/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./149/bus") = 0 umount2("./149/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./149/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./149/binderfs") = 0 umount2("./149/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./149/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./149/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./149/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./149/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./149/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./149") = 0 mkdir("./150", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 67.348269][ T5618] EXT4-fs (loop0): 1 orphan inode deleted [ 67.354191][ T5618] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/149/file1 supports timestamps until 2038-01-19 (0x7fffffff) clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5622 ./strace-static-x86_64: Process 5622 attached [pid 5622] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5622] chdir("./150") = 0 [pid 5622] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5622] setpgid(0, 0) = 0 [pid 5622] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5622] write(3, "1000", 4) = 4 [pid 5622] close(3) = 0 [pid 5622] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5622] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5622] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5622] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5622] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5622] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5622] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5622] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5623 attached => {parent_tid=[5623]}, 88) = 5623 [pid 5622] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5622] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5622] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5622] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5623] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5622] <... mmap resumed>) = 0x7f81bb17d000 [pid 5622] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5622] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5623] <... rseq resumed>) = 0 [pid 5622] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5623] set_robust_list(0x7f81bb1be9a0, 24 [pid 5622] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} [pid 5623] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 5624 attached [pid 5623] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5622] <... clone3 resumed> => {parent_tid=[5624]}, 88) = 5624 [pid 5622] rt_sigprocmask(SIG_SETMASK, [], [pid 5623] memfd_create("syzkaller", 0 [pid 5622] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5622] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5622] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5624] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5624] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5624] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5624] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 3 [pid 5623] <... memfd_create resumed>) = 4 [pid 5623] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5624] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5624] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5622] <... futex resumed>) = 0 [pid 5622] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5624] <... futex resumed>) = 0 [pid 5622] <... futex resumed>) = 1 [pid 5624] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5623] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5624] <... mount resumed>) = 0 [pid 5622] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5624] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5622] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5624] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5622] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5624] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5622] <... futex resumed>) = 0 [pid 5624] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5623] <... write resumed>) = 262144 [pid 5622] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5624] <... open resumed>) = 5 [pid 5623] munmap(0x7f81b2d7d000, 262144 [pid 5624] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5623] <... munmap resumed>) = 0 [pid 5622] <... futex resumed>) = 0 [pid 5624] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5623] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5622] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5624] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5623] <... openat resumed>) = 6 [pid 5622] <... futex resumed>) = 0 [pid 5624] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5623] ioctl(6, LOOP_SET_FD, 4 [pid 5622] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5624] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5624] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5622] <... futex resumed>) = 0 [pid 5624] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5623] <... ioctl resumed>) = 0 [pid 5623] close(4) = 0 [pid 5623] mkdir("./file1", 0777) = 0 [ 67.429079][ T5623] syz-executor212[5623]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 67.431551][ T28] audit: type=1800 audit(1693866698.171:152): pid=5624 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 67.467729][ T5623] loop0: detected capacity change from 0 to 512 [pid 5623] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5623] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5623] chdir("./file1") = 0 [pid 5623] ioctl(6, LOOP_CLR_FD) = 0 [pid 5623] close(6) = 0 [pid 5623] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5623] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5622] exit_group(0 [pid 5624] <... futex resumed>) = ? [pid 5624] +++ exited with 0 +++ [pid 5623] <... futex resumed>) = ? [pid 5623] +++ exited with 0 +++ [pid 5622] <... exit_group resumed>) = ? [pid 5622] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5622, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./150", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./150", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./150/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./150/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./150/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./150/bus") = 0 umount2("./150/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./150/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./150/binderfs") = 0 umount2("./150/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./150/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./150/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./150/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./150/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./150/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./150") = 0 mkdir("./151", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 67.487610][ T5623] EXT4-fs (loop0): 1 orphan inode deleted [ 67.493557][ T5623] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/150/file1 supports timestamps until 2038-01-19 (0x7fffffff) ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5627 ./strace-static-x86_64: Process 5627 attached [pid 5627] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5627] chdir("./151") = 0 [pid 5627] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5627] setpgid(0, 0) = 0 [pid 5627] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5627] write(3, "1000", 4) = 4 [pid 5627] close(3) = 0 [pid 5627] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5627] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5627] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5627] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5627] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5627] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5627] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5627] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5628 attached [pid 5628] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5627] <... clone3 resumed> => {parent_tid=[5628]}, 88) = 5628 [pid 5628] <... rseq resumed>) = 0 [pid 5627] rt_sigprocmask(SIG_SETMASK, [], [pid 5628] set_robust_list(0x7f81bb1be9a0, 24 [pid 5627] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5628] <... set_robust_list resumed>) = 0 [pid 5627] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5628] rt_sigprocmask(SIG_SETMASK, [], [pid 5627] <... futex resumed>) = 0 [pid 5628] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5627] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5628] memfd_create("syzkaller", 0 [pid 5627] <... futex resumed>) = 0 [pid 5627] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5627] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5627] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5627] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5629 attached => {parent_tid=[5629]}, 88) = 5629 [pid 5627] rt_sigprocmask(SIG_SETMASK, [], [pid 5629] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5627] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5629] <... rseq resumed>) = 0 [pid 5627] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5629] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5627] <... futex resumed>) = 0 [pid 5629] rt_sigprocmask(SIG_SETMASK, [], [pid 5627] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5629] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5629] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 3 [pid 5629] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5627] <... futex resumed>) = 0 [pid 5627] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5627] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5629] <... futex resumed>) = 1 [pid 5629] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5629] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5627] <... futex resumed>) = 0 [pid 5627] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5629] <... futex resumed>) = 1 [pid 5627] <... futex resumed>) = 0 [pid 5629] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5627] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5629] <... open resumed>) = 4 [pid 5629] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5627] <... futex resumed>) = 0 [pid 5629] <... futex resumed>) = 1 [pid 5629] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5627] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5629] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5627] <... futex resumed>) = 0 [pid 5629] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5627] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5629] <... futex resumed>) = 0 [pid 5627] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5629] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5628] <... memfd_create resumed>) = 5 [pid 5628] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5628] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5628] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5628] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5628] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 5628] close(5) = 0 [pid 5628] mkdir("./file1", 0777) = 0 [ 67.562957][ T5628] syz-executor212[5628]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 67.572733][ T28] audit: type=1800 audit(1693866698.311:153): pid=5629 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 67.581962][ T5628] loop0: detected capacity change from 0 to 512 [pid 5628] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5628] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 5 [pid 5628] chdir("./file1") = 0 [pid 5628] ioctl(6, LOOP_CLR_FD) = 0 [pid 5628] close(6) = 0 [pid 5628] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5628] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5627] exit_group(0 [pid 5628] <... futex resumed>) = ? [pid 5627] <... exit_group resumed>) = ? [pid 5628] +++ exited with 0 +++ [pid 5629] <... futex resumed>) = ? [pid 5629] +++ exited with 0 +++ [pid 5627] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5627, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./151", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./151", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./151/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./151/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./151/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./151/bus") = 0 umount2("./151/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./151/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./151/binderfs") = 0 umount2("./151/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./151/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./151/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./151/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./151/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./151/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./151") = 0 mkdir("./152", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 67.607841][ T5628] EXT4-fs (loop0): 1 orphan inode deleted [ 67.613781][ T5628] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/151/file1 supports timestamps until 2038-01-19 (0x7fffffff) clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5632 attached [pid 5632] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5632] chdir("./152") = 0 [pid 5632] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5632] setpgid(0, 0) = 0 [pid 5632] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5632] write(3, "1000", 4) = 4 [pid 5632] close(3) = 0 [pid 5632] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5632] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5024] <... clone resumed>, child_tidptr=0x555556eda690) = 5632 [pid 5632] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5632] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5632] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5632] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5632] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5632] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5633 attached [pid 5633] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5632] <... clone3 resumed> => {parent_tid=[5633]}, 88) = 5633 [pid 5633] <... rseq resumed>) = 0 [pid 5632] rt_sigprocmask(SIG_SETMASK, [], [pid 5633] set_robust_list(0x7f81bb1be9a0, 24 [pid 5632] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5633] <... set_robust_list resumed>) = 0 [pid 5632] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5633] rt_sigprocmask(SIG_SETMASK, [], [pid 5632] <... futex resumed>) = 0 [pid 5633] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5632] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5633] memfd_create("syzkaller", 0 [pid 5632] <... futex resumed>) = 0 [pid 5632] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5632] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5632] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5632] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} [pid 5633] <... memfd_create resumed>) = 3 ./strace-static-x86_64: Process 5634 attached [pid 5633] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5632] <... clone3 resumed> => {parent_tid=[5634]}, 88) = 5634 [pid 5634] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5633] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5634] <... rseq resumed>) = 0 [pid 5634] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5634] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5634] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5632] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5632] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5634] <... futex resumed>) = 0 [pid 5634] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5632] <... futex resumed>) = 1 [pid 5632] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5634] <... open resumed>) = 4 [pid 5634] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5634] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5633] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5632] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5633] <... write resumed>) = 262144 [pid 5632] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5632] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5634] <... futex resumed>) = 0 [pid 5633] munmap(0x7f81b2d7d000, 262144 [pid 5634] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5633] <... munmap resumed>) = 0 [pid 5634] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5632] <... futex resumed>) = 0 [pid 5632] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5632] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5634] <... futex resumed>) = 1 [pid 5634] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5633] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5634] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5632] <... futex resumed>) = 0 [pid 5632] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5634] <... futex resumed>) = 1 [pid 5632] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5634] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5633] ioctl(6, LOOP_SET_FD, 3 [pid 5634] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5634] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5634] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5632] <... futex resumed>) = 0 [pid 5633] <... ioctl resumed>) = 0 [pid 5633] close(3) = 0 [pid 5633] mkdir("./file1", 0777) = 0 [ 67.686598][ T5633] syz-executor212[5633]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 67.701196][ T28] audit: type=1800 audit(1693866698.441:154): pid=5634 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 67.721598][ T5633] loop0: detected capacity change from 0 to 512 [pid 5633] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5633] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5633] chdir("./file1") = 0 [pid 5633] ioctl(6, LOOP_CLR_FD) = 0 [pid 5633] close(6) = 0 [pid 5633] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5633] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5632] exit_group(0 [pid 5634] <... futex resumed>) = ? [pid 5632] <... exit_group resumed>) = ? [pid 5634] +++ exited with 0 +++ [pid 5633] <... futex resumed>) = ? [pid 5633] +++ exited with 0 +++ [pid 5632] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5632, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./152", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./152", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./152/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./152/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./152/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./152/bus") = 0 umount2("./152/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./152/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./152/binderfs") = 0 umount2("./152/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./152/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./152/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./152/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./152/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./152/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./152") = 0 mkdir("./153", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5637 attached , child_tidptr=0x555556eda690) = 5637 [pid 5637] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5637] chdir("./153") = 0 [pid 5637] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5637] setpgid(0, 0) = 0 [pid 5637] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5637] write(3, "1000", 4) = 4 [pid 5637] close(3) = 0 [pid 5637] symlink("/dev/binderfs", "./binderfs") = 0 [ 67.738012][ T5633] EXT4-fs (loop0): 1 orphan inode deleted [ 67.743999][ T5633] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/152/file1 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5637] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5637] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5637] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5637] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5637] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5637] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5637] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0} => {parent_tid=[5638]}, 88) = 5638 ./strace-static-x86_64: Process 5638 attached [pid 5637] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5638] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5637] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5638] <... rseq resumed>) = 0 [pid 5638] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5638] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5638] memfd_create("syzkaller", 0 [pid 5637] <... futex resumed>) = 0 [pid 5637] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5637] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5637] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5638] <... memfd_create resumed>) = 3 [pid 5638] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5637] <... mprotect resumed>) = 0 [pid 5638] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5637] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5637] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5639 attached => {parent_tid=[5639]}, 88) = 5639 [pid 5637] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5637] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5639] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5637] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5639] <... rseq resumed>) = 0 [pid 5639] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5639] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5639] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5639] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5637] <... futex resumed>) = 0 [pid 5639] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5637] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5637] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5639] <... mount resumed>) = 0 [pid 5638] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5639] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5638] <... write resumed>) = 262144 [pid 5637] <... futex resumed>) = 0 [pid 5637] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5637] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5639] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5639] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5637] <... futex resumed>) = 0 [pid 5637] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5637] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5639] <... futex resumed>) = 1 [pid 5639] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5639] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5637] <... futex resumed>) = 0 [pid 5639] <... futex resumed>) = 1 [pid 5639] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5638] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5638] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5638] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5638] close(3) = 0 [pid 5638] mkdir("./file1", 0777) = 0 [ 67.807003][ T5638] syz-executor212[5638]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 67.821288][ T28] audit: type=1800 audit(1693866698.561:155): pid=5639 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 67.833159][ T5638] loop0: detected capacity change from 0 to 512 [pid 5638] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5638] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5638] chdir("./file1") = 0 [pid 5638] ioctl(6, LOOP_CLR_FD) = 0 [pid 5638] close(6) = 0 [pid 5638] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5638] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5637] exit_group(0 [pid 5639] <... futex resumed>) = ? [pid 5638] <... futex resumed>) = ? [pid 5637] <... exit_group resumed>) = ? [pid 5639] +++ exited with 0 +++ [pid 5638] +++ exited with 0 +++ [pid 5637] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5637, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./153", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./153", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./153/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./153/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./153/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./153/bus") = 0 umount2("./153/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./153/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./153/binderfs") = 0 umount2("./153/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./153/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./153/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./153/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./153/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./153/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./153") = 0 mkdir("./154", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5642 ./strace-static-x86_64: Process 5642 attached [pid 5642] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5642] chdir("./154") = 0 [pid 5642] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5642] setpgid(0, 0) = 0 [ 67.858030][ T5638] EXT4-fs (loop0): 1 orphan inode deleted [ 67.864043][ T5638] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/153/file1 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5642] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5642] write(3, "1000", 4) = 4 [pid 5642] close(3) = 0 [pid 5642] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5642] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5642] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5642] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5642] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5642] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5642] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5642] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5643 attached => {parent_tid=[5643]}, 88) = 5643 [pid 5642] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5643] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5642] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5643] <... rseq resumed>) = 0 [pid 5643] set_robust_list(0x7f81bb1be9a0, 24 [pid 5642] <... futex resumed>) = 0 [pid 5643] <... set_robust_list resumed>) = 0 [pid 5643] rt_sigprocmask(SIG_SETMASK, [], [pid 5642] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5643] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5643] memfd_create("syzkaller", 0 [pid 5642] <... futex resumed>) = 0 [pid 5642] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5642] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5642] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5642] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5644]}, 88) = 5644 [pid 5642] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5642] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5644 attached [pid 5643] <... memfd_create resumed>) = 3 [pid 5644] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5642] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5644] <... rseq resumed>) = 0 [pid 5643] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5644] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5643] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5644] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5644] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5643] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5643] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5643] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5643] ioctl(5, LOOP_SET_FD, 3 [pid 5644] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5642] <... futex resumed>) = 0 [pid 5644] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5642] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5644] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5642] <... futex resumed>) = 0 [pid 5644] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5642] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5644] <... mount resumed>) = 0 [pid 5644] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5642] <... futex resumed>) = 0 [pid 5644] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5642] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5642] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5644] <... open resumed>) = 6 [pid 5644] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5642] <... futex resumed>) = 0 [pid 5644] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5642] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5642] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5643] <... ioctl resumed>) = 0 [pid 5643] close(3) = 0 [pid 5643] mkdir("./file1", 0777) = 0 [ 67.931918][ T5643] syz-executor212[5643]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 67.944261][ T28] audit: type=1800 audit(1693866698.681:156): pid=5644 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 67.950045][ T5643] loop0: detected capacity change from 0 to 512 [pid 5643] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5644] <... write resumed>) = 262144 [pid 5644] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5643] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5642] <... futex resumed>) = 0 [pid 5644] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5643] ioctl(5, LOOP_CLR_FD) = 0 [pid 5643] close(5) = 0 [pid 5643] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5643] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5642] exit_group(0 [pid 5644] <... futex resumed>) = ? [pid 5643] <... futex resumed>) = ? [pid 5642] <... exit_group resumed>) = ? [pid 5644] +++ exited with 0 +++ [pid 5643] +++ exited with 0 +++ [pid 5642] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5642, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./154", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./154", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./154/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./154/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./154/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./154/bus") = 0 umount2("./154/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./154/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./154/binderfs") = 0 umount2("./154/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./154/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./154/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./154/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./154/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./154") = 0 mkdir("./155", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5645 ./strace-static-x86_64: Process 5645 attached [pid 5645] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5645] chdir("./155") = 0 [pid 5645] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5645] setpgid(0, 0) = 0 [pid 5645] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5645] write(3, "1000", 4) = 4 [pid 5645] close(3) = 0 [pid 5645] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5645] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5645] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5645] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5645] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5645] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5645] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5645] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5646 attached [pid 5646] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5645] <... clone3 resumed> => {parent_tid=[5646]}, 88) = 5646 [pid 5646] <... rseq resumed>) = 0 [pid 5645] rt_sigprocmask(SIG_SETMASK, [], [pid 5646] set_robust_list(0x7f81bb1be9a0, 24 [pid 5645] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5646] <... set_robust_list resumed>) = 0 [pid 5646] rt_sigprocmask(SIG_SETMASK, [], [pid 5645] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5646] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5645] <... futex resumed>) = 0 [pid 5646] memfd_create("syzkaller", 0) = 3 [pid 5646] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d9e000 [pid 5646] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5645] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5645] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81b2d7d000 [pid 5645] mprotect(0x7f81b2d7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5645] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5645] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81b2d9d990, parent_tid=0x7f81b2d9d990, exit_signal=0, stack=0x7f81b2d7d000, stack_size=0x20300, tls=0x7f81b2d9d6c0}./strace-static-x86_64: Process 5647 attached [pid 5646] <... write resumed>) = 262144 [pid 5645] <... clone3 resumed> => {parent_tid=[5647]}, 88) = 5647 [pid 5647] rseq(0x7f81b2d9dfe0, 0x20, 0, 0x53053053) = 0 [pid 5646] munmap(0x7f81b2d9e000, 262144 [pid 5645] rt_sigprocmask(SIG_SETMASK, [], [pid 5647] set_robust_list(0x7f81b2d9d9a0, 24 [pid 5645] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5647] <... set_robust_list resumed>) = 0 [pid 5645] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5647] rt_sigprocmask(SIG_SETMASK, [], [pid 5645] <... futex resumed>) = 0 [pid 5647] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5647] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5645] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5647] <... open resumed>) = 4 [pid 5646] <... munmap resumed>) = 0 [pid 5647] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [ 67.981640][ T5643] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5646] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5645] <... futex resumed>) = 0 [pid 5647] <... futex resumed>) = 1 [pid 5646] ioctl(5, LOOP_SET_FD, 3 [pid 5645] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5645] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5647] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5646] <... ioctl resumed>) = 0 [pid 5647] <... mount resumed>) = 0 [pid 5646] close(3 [pid 5647] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5646] <... close resumed>) = 0 [pid 5647] <... futex resumed>) = 1 [pid 5645] <... futex resumed>) = 0 [pid 5647] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5646] mkdir("./file1", 0777 [pid 5645] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5647] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5647] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5646] <... mkdir resumed>) = 0 [pid 5645] <... futex resumed>) = 0 [pid 5647] <... open resumed>) = 3 [pid 5645] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5647] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5646] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5645] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5647] <... futex resumed>) = 0 [pid 5647] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5645] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5645] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5647] <... write resumed>) = 262144 [pid 5647] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5645] <... futex resumed>) = 0 [pid 5647] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5646] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5646] ioctl(5, LOOP_CLR_FD) = 0 [pid 5646] close(5) = 0 [pid 5646] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5646] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5645] exit_group(0 [pid 5646] <... futex resumed>) = ? [pid 5647] <... futex resumed>) = ? [pid 5645] <... exit_group resumed>) = ? [pid 5646] +++ exited with 0 +++ [pid 5647] +++ exited with 0 +++ [pid 5645] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5645, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./155", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./155", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./155/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./155/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./155/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./155/bus") = 0 umount2("./155/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./155/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./155/binderfs") = 0 umount2("./155/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./155/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./155/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./155/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./155/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./155") = 0 mkdir("./156", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5648 attached , child_tidptr=0x555556eda690) = 5648 [pid 5648] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5648] chdir("./156") = 0 [pid 5648] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5648] setpgid(0, 0) = 0 [pid 5648] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5648] write(3, "1000", 4) = 4 [pid 5648] close(3) = 0 [pid 5648] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5648] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5648] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5648] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5648] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5648] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5648] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5648] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5649 attached [pid 5649] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5648] <... clone3 resumed> => {parent_tid=[5649]}, 88) = 5649 [pid 5649] <... rseq resumed>) = 0 [pid 5648] rt_sigprocmask(SIG_SETMASK, [], [pid 5649] set_robust_list(0x7f81bb1be9a0, 24 [pid 5648] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5649] <... set_robust_list resumed>) = 0 [pid 5648] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5649] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5648] <... futex resumed>) = 0 [pid 5649] memfd_create("syzkaller", 0 [pid 5648] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5649] <... memfd_create resumed>) = 3 [pid 5649] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d9e000 [pid 5648] <... futex resumed>) = 0 [pid 5648] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81b2d7d000 [pid 5648] mprotect(0x7f81b2d7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5648] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5648] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81b2d9d990, parent_tid=0x7f81b2d9d990, exit_signal=0, stack=0x7f81b2d7d000, stack_size=0x20300, tls=0x7f81b2d9d6c0} => {parent_tid=[5650]}, 88) = 5650 [pid 5648] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5648] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5648] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5650 attached [ 68.028804][ T5646] loop0: detected capacity change from 0 to 512 [ 68.046295][ T5646] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5650] rseq(0x7f81b2d9dfe0, 0x20, 0, 0x53053053 [pid 5649] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5650] <... rseq resumed>) = 0 [pid 5650] set_robust_list(0x7f81b2d9d9a0, 24) = 0 [pid 5650] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5650] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5649] <... write resumed>) = 262144 [pid 5649] munmap(0x7f81b2d9e000, 262144 [pid 5650] <... open resumed>) = 4 [pid 5650] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5650] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5648] <... futex resumed>) = 0 [pid 5648] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5648] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5649] <... munmap resumed>) = 0 [pid 5649] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5649] ioctl(5, LOOP_SET_FD, 3 [pid 5650] <... futex resumed>) = 0 [pid 5650] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5650] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5649] <... ioctl resumed>) = 0 [pid 5650] <... futex resumed>) = 1 [pid 5648] <... futex resumed>) = 0 [pid 5650] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5649] close(3 [pid 5648] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5650] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5649] <... close resumed>) = 0 [pid 5648] <... futex resumed>) = 0 [pid 5650] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 3 [pid 5649] mkdir("./file1", 0777 [pid 5648] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5650] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5650] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5649] <... mkdir resumed>) = 0 [pid 5649] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5648] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5648] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5650] <... futex resumed>) = 0 [pid 5648] <... futex resumed>) = 1 [pid 5650] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5648] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5650] <... write resumed>) = 262144 [pid 5650] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5648] <... futex resumed>) = 0 [ 68.094251][ T5649] loop0: detected capacity change from 0 to 512 [ 68.130345][ T5649] EXT4-fs (loop0): 1 orphan inode deleted [pid 5650] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5649] <... mount resumed>) = 0 [pid 5649] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 6 [pid 5649] chdir("./file1") = 0 [pid 5649] ioctl(5, LOOP_CLR_FD) = 0 [pid 5649] close(5) = 0 [pid 5649] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5648] exit_group(0 [pid 5650] <... futex resumed>) = ? [pid 5648] <... exit_group resumed>) = ? [pid 5650] +++ exited with 0 +++ [pid 5649] +++ exited with 0 +++ [pid 5648] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5648, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./156", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./156", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./156/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./156/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./156/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./156/bus") = 0 umount2("./156/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./156/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./156/binderfs") = 0 umount2("./156/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./156/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./156/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./156/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./156/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./156/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./156") = 0 mkdir("./157", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5653 attached , child_tidptr=0x555556eda690) = 5653 [pid 5653] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5653] chdir("./157") = 0 [pid 5653] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 68.136603][ T5649] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/156/file1 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5653] setpgid(0, 0) = 0 [pid 5653] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5653] write(3, "1000", 4) = 4 [pid 5653] close(3) = 0 [pid 5653] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5653] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5653] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5653] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5653] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5653] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5653] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5653] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5654 attached [pid 5654] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5653] <... clone3 resumed> => {parent_tid=[5654]}, 88) = 5654 [pid 5654] <... rseq resumed>) = 0 [pid 5653] rt_sigprocmask(SIG_SETMASK, [], [pid 5654] set_robust_list(0x7f81bb1be9a0, 24 [pid 5653] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5654] <... set_robust_list resumed>) = 0 [pid 5653] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5654] rt_sigprocmask(SIG_SETMASK, [], [pid 5653] <... futex resumed>) = 0 [pid 5654] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5653] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5654] memfd_create("syzkaller", 0 [pid 5653] <... futex resumed>) = 0 [pid 5653] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5654] <... memfd_create resumed>) = 3 [pid 5653] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5654] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5653] <... mprotect resumed>) = 0 [pid 5654] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5653] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5654] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5653] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5653] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5655]}, 88) = 5655 [pid 5653] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5653] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5653] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5655 attached [pid 5655] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5655] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5655] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5655] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5654] <... write resumed>) = 262144 [pid 5654] munmap(0x7f81b2d7d000, 262144 [pid 5655] <... open resumed>) = 4 [pid 5655] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5653] <... futex resumed>) = 0 [pid 5655] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5653] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5655] <... futex resumed>) = 0 [pid 5653] <... futex resumed>) = 1 [pid 5655] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5653] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5655] <... mount resumed>) = 0 [pid 5655] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5654] <... munmap resumed>) = 0 [pid 5655] <... futex resumed>) = 1 [pid 5654] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5653] <... futex resumed>) = 0 [pid 5655] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5654] <... openat resumed>) = 5 [pid 5653] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5655] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5653] <... futex resumed>) = 0 [pid 5655] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5654] ioctl(5, LOOP_SET_FD, 3 [pid 5653] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5655] <... open resumed>) = 6 [pid 5655] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5655] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5654] <... ioctl resumed>) = 0 [pid 5653] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5654] close(3 [pid 5653] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5655] <... futex resumed>) = 0 [pid 5654] <... close resumed>) = 0 [pid 5653] <... futex resumed>) = 1 [pid 5655] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5654] mkdir("./file1", 0777 [pid 5653] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5654] <... mkdir resumed>) = 0 [pid 5654] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5655] <... write resumed>) = 262144 [pid 5655] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5654] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5653] <... futex resumed>) = 0 [pid 5655] <... futex resumed>) = 1 [pid 5655] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5654] ioctl(5, LOOP_CLR_FD) = 0 [pid 5654] close(5) = 0 [pid 5654] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5654] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5653] exit_group(0 [pid 5655] <... futex resumed>) = ? [pid 5654] <... futex resumed>) = ? [pid 5653] <... exit_group resumed>) = ? [pid 5655] +++ exited with 0 +++ [pid 5654] +++ exited with 0 +++ [pid 5653] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5653, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./157", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./157", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./157/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./157/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./157/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./157/bus") = 0 umount2("./157/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./157/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./157/binderfs") = 0 umount2("./157/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./157/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./157/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./157/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./157/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./157") = 0 mkdir("./158", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5656 ./strace-static-x86_64: Process 5656 attached [pid 5656] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5656] chdir("./158") = 0 [pid 5656] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5656] setpgid(0, 0) = 0 [pid 5656] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5656] write(3, "1000", 4) = 4 [pid 5656] close(3) = 0 [pid 5656] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5656] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5656] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5656] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5656] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5656] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5656] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5656] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5657 attached [pid 5657] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5656] <... clone3 resumed> => {parent_tid=[5657]}, 88) = 5657 [pid 5657] <... rseq resumed>) = 0 [pid 5656] rt_sigprocmask(SIG_SETMASK, [], [pid 5657] set_robust_list(0x7f81bb1be9a0, 24 [pid 5656] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5657] <... set_robust_list resumed>) = 0 [pid 5656] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5657] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5656] <... futex resumed>) = 0 [pid 5657] memfd_create("syzkaller", 0 [pid 5656] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5656] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5657] <... memfd_create resumed>) = 3 [pid 5656] <... mmap resumed>) = 0x7f81bb17d000 [pid 5657] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5656] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5656] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5656] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5658]}, 88) = 5658 [pid 5656] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5656] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5658 attached [pid 5656] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5658] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [ 68.198798][ T5654] loop0: detected capacity change from 0 to 512 [ 68.217101][ T5654] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5658] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5658] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5657] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5658] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5658] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5656] <... futex resumed>) = 0 [pid 5658] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5656] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5658] <... futex resumed>) = 0 [pid 5657] <... write resumed>) = 262144 [pid 5656] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5657] munmap(0x7f81b2d7d000, 262144 [pid 5658] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5657] <... munmap resumed>) = 0 [pid 5657] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5658] <... mount resumed>) = 0 [pid 5657] ioctl(5, LOOP_SET_FD, 3 [pid 5658] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5658] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5656] <... futex resumed>) = 0 [pid 5656] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5658] <... futex resumed>) = 0 [pid 5656] <... futex resumed>) = 1 [pid 5658] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5656] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5657] <... ioctl resumed>) = 0 [pid 5658] <... open resumed>) = 6 [pid 5657] close(3 [pid 5658] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5657] <... close resumed>) = 0 [pid 5656] <... futex resumed>) = 0 [pid 5658] <... futex resumed>) = 1 [pid 5656] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5658] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5656] <... futex resumed>) = 0 [pid 5657] mkdir("./file1", 0777) = 0 [pid 5657] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5656] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5658] <... write resumed>) = 262144 [pid 5658] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5656] <... futex resumed>) = 0 [pid 5658] <... futex resumed>) = 1 [pid 5658] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5657] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5657] ioctl(5, LOOP_CLR_FD) = 0 [pid 5657] close(5) = 0 [pid 5657] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5657] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5656] exit_group(0 [pid 5658] <... futex resumed>) = ? [pid 5657] <... futex resumed>) = ? [pid 5656] <... exit_group resumed>) = ? [pid 5658] +++ exited with 0 +++ [pid 5657] +++ exited with 0 +++ [pid 5656] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5656, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./158", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./158", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./158/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./158/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./158/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./158/bus") = 0 umount2("./158/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./158/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./158/binderfs") = 0 umount2("./158/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./158/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./158/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./158/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./158/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./158") = 0 mkdir("./159", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5659 attached , child_tidptr=0x555556eda690) = 5659 [pid 5659] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5659] chdir("./159") = 0 [pid 5659] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5659] setpgid(0, 0) = 0 [pid 5659] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5659] write(3, "1000", 4) = 4 [pid 5659] close(3) = 0 [ 68.263412][ T5657] loop0: detected capacity change from 0 to 512 [ 68.280264][ T5657] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5659] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5659] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5659] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5659] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5659] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5659] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5659] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5659] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5660 attached [pid 5660] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5659] <... clone3 resumed> => {parent_tid=[5660]}, 88) = 5660 [pid 5660] <... rseq resumed>) = 0 [pid 5659] rt_sigprocmask(SIG_SETMASK, [], [pid 5660] set_robust_list(0x7f81bb1be9a0, 24 [pid 5659] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5659] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5659] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5659] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5660] <... set_robust_list resumed>) = 0 [pid 5659] <... mmap resumed>) = 0x7f81bb17d000 [pid 5659] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5660] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5659] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5660] memfd_create("syzkaller", 0 [pid 5659] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} [pid 5660] <... memfd_create resumed>) = 3 [pid 5659] <... clone3 resumed> => {parent_tid=[5661]}, 88) = 5661 ./strace-static-x86_64: Process 5661 attached [pid 5660] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5659] rt_sigprocmask(SIG_SETMASK, [], [pid 5661] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5660] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5661] <... rseq resumed>) = 0 [pid 5659] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5659] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5659] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5661] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5661] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5660] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5661] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5661] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5661] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5659] <... futex resumed>) = 0 [pid 5659] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5661] <... futex resumed>) = 0 [pid 5661] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5660] <... write resumed>) = 262144 [pid 5659] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5660] munmap(0x7f81b2d7d000, 262144 [pid 5661] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5659] <... futex resumed>) = 0 [pid 5661] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5660] <... munmap resumed>) = 0 [pid 5659] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5661] <... open resumed>) = 5 [pid 5660] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5659] <... futex resumed>) = 0 [pid 5660] <... openat resumed>) = 6 [pid 5660] ioctl(6, LOOP_SET_FD, 3 [pid 5659] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5661] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5659] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5661] <... futex resumed>) = 0 [pid 5659] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5661] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5659] <... futex resumed>) = 0 [pid 5659] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5660] <... ioctl resumed>) = 0 [pid 5660] close(3) = 0 [pid 5660] mkdir("./file1", 0777) = 0 [pid 5660] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5661] <... write resumed>) = -1 EIO (Input/output error) [pid 5661] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5659] <... futex resumed>) = 0 [pid 5661] <... futex resumed>) = 1 [pid 5661] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5660] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5660] ioctl(6, LOOP_CLR_FD) = 0 [pid 5660] close(6) = 0 [pid 5660] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5660] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5659] exit_group(0 [pid 5661] <... futex resumed>) = ? [pid 5660] <... futex resumed>) = ? [pid 5659] <... exit_group resumed>) = ? [pid 5661] +++ exited with 0 +++ [pid 5660] +++ exited with 0 +++ [pid 5659] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5659, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./159", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./159", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./159/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./159/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./159/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./159/bus") = 0 umount2("./159/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./159/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./159/binderfs") = 0 umount2("./159/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./159/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./159/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./159/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./159/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./159") = 0 mkdir("./160", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5664 attached , child_tidptr=0x555556eda690) = 5664 [pid 5664] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5664] chdir("./160") = 0 [pid 5664] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5664] setpgid(0, 0) = 0 [ 68.339560][ T5660] loop0: detected capacity change from 0 to 512 [ 68.356512][ T5660] EXT4-fs error (device loop0): __ext4_fill_super:5473: inode #2: comm syz-executor212: iget: special inode unallocated [ 68.369357][ T5660] EXT4-fs (loop0): get root inode failed [ 68.375588][ T5660] EXT4-fs (loop0): mount failed [pid 5664] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5664] write(3, "1000", 4) = 4 [pid 5664] close(3) = 0 [pid 5664] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5664] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5664] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5664] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5664] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5664] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5664] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5664] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5665 attached => {parent_tid=[5665]}, 88) = 5665 [pid 5664] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5665] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5664] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5665] <... rseq resumed>) = 0 [pid 5665] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5665] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5665] memfd_create("syzkaller", 0 [pid 5664] <... futex resumed>) = 0 [pid 5665] <... memfd_create resumed>) = 3 [pid 5665] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d9e000 [pid 5665] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5664] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5664] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81b2d7d000 [pid 5664] mprotect(0x7f81b2d7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5664] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5664] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81b2d9d990, parent_tid=0x7f81b2d9d990, exit_signal=0, stack=0x7f81b2d7d000, stack_size=0x20300, tls=0x7f81b2d9d6c0}./strace-static-x86_64: Process 5666 attached => {parent_tid=[5666]}, 88) = 5666 [pid 5666] rseq(0x7f81b2d9dfe0, 0x20, 0, 0x53053053) = 0 [pid 5666] set_robust_list(0x7f81b2d9d9a0, 24) = 0 [pid 5666] rt_sigprocmask(SIG_SETMASK, [], [pid 5664] rt_sigprocmask(SIG_SETMASK, [], [pid 5666] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5664] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5664] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5666] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5665] <... write resumed>) = 262144 [pid 5664] <... futex resumed>) = 0 [pid 5666] <... open resumed>) = 4 [pid 5664] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5665] munmap(0x7f81b2d9e000, 262144) = 0 [pid 5666] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5664] <... futex resumed>) = 0 [pid 5666] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5664] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5666] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5666] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5665] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5664] <... futex resumed>) = 0 [pid 5665] <... openat resumed>) = 5 [pid 5664] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5666] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5665] ioctl(5, LOOP_SET_FD, 3 [pid 5666] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5664] <... futex resumed>) = 0 [pid 5664] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5666] <... futex resumed>) = 0 [pid 5664] <... futex resumed>) = 1 [pid 5666] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5664] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5665] <... ioctl resumed>) = 0 [pid 5665] close(3 [pid 5666] <... open resumed>) = 6 [pid 5665] <... close resumed>) = 0 [pid 5665] mkdir("./file1", 0777 [pid 5666] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5664] <... futex resumed>) = 0 [pid 5666] <... futex resumed>) = 1 [pid 5664] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5666] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5664] <... futex resumed>) = 0 [pid 5665] <... mkdir resumed>) = 0 [pid 5665] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5664] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5666] <... write resumed>) = 262144 [pid 5665] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5666] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5664] <... futex resumed>) = 0 [pid 5665] ioctl(5, LOOP_CLR_FD [pid 5666] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5665] <... ioctl resumed>) = 0 [pid 5665] close(5) = 0 [pid 5665] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5665] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5664] exit_group(0) = ? [pid 5665] <... futex resumed>) = ? [pid 5665] +++ exited with 0 +++ [pid 5666] <... futex resumed>) = ? [pid 5666] +++ exited with 0 +++ [pid 5664] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5664, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./160", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./160", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./160/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./160/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./160/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./160/bus") = 0 umount2("./160/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./160/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./160/binderfs") = 0 umount2("./160/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./160/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./160/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./160/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./160/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./160") = 0 mkdir("./161", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5667 ./strace-static-x86_64: Process 5667 attached [pid 5667] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5667] chdir("./161") = 0 [pid 5667] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5667] setpgid(0, 0) = 0 [ 68.441420][ T5665] loop0: detected capacity change from 0 to 512 [ 68.455789][ T5665] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5667] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5667] write(3, "1000", 4) = 4 [pid 5667] close(3) = 0 [pid 5667] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5667] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5667] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5667] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5667] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5667] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5667] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5667] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0} => {parent_tid=[5668]}, 88) = 5668 [pid 5667] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5668 attached NULL, 8) = 0 [pid 5668] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5667] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5667] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5668] <... rseq resumed>) = 0 [pid 5667] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5668] set_robust_list(0x7f81bb1be9a0, 24 [pid 5667] <... mmap resumed>) = 0x7f81bb17d000 [pid 5668] <... set_robust_list resumed>) = 0 [pid 5667] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5668] rt_sigprocmask(SIG_SETMASK, [], [pid 5667] <... mprotect resumed>) = 0 [pid 5668] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5667] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5667] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5669 attached [pid 5668] memfd_create("syzkaller", 0 [pid 5669] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5667] <... clone3 resumed> => {parent_tid=[5669]}, 88) = 5669 [pid 5669] <... rseq resumed>) = 0 [pid 5667] rt_sigprocmask(SIG_SETMASK, [], [pid 5669] set_robust_list(0x7f81bb19d9a0, 24 [pid 5667] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5669] <... set_robust_list resumed>) = 0 [pid 5667] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5669] rt_sigprocmask(SIG_SETMASK, [], [pid 5667] <... futex resumed>) = 0 [pid 5669] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5667] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5669] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5668] <... memfd_create resumed>) = 4 [pid 5668] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5669] <... open resumed>) = 3 [pid 5669] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5668] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5667] <... futex resumed>) = 0 [pid 5669] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5667] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5669] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5667] <... futex resumed>) = 0 [pid 5669] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5667] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5669] <... mount resumed>) = 0 [pid 5668] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5669] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5667] <... futex resumed>) = 0 [pid 5669] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5667] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5669] <... open resumed>) = 5 [pid 5667] <... futex resumed>) = 0 [pid 5669] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5667] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5669] <... futex resumed>) = 0 [pid 5668] <... write resumed>) = 262144 [pid 5667] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5669] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5668] munmap(0x7f81b2d7d000, 262144 [pid 5667] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5669] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5669] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5668] <... munmap resumed>) = 0 [pid 5667] <... futex resumed>) = 0 [pid 5669] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5668] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5667] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5669] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5667] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5669] <... futex resumed>) = 0 [pid 5668] <... openat resumed>) = 6 [pid 5669] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5668] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 5668] close(4) = 0 [pid 5668] mkdir("./file1", 0777) = 0 [pid 5668] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5668] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5668] chdir("./file1") = 0 [pid 5668] ioctl(6, LOOP_CLR_FD) = 0 [pid 5668] close(6) = 0 [pid 5668] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5668] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5667] exit_group(0 [pid 5668] <... futex resumed>) = ? [pid 5668] +++ exited with 0 +++ [pid 5669] <... futex resumed>) = ? [pid 5669] +++ exited with 0 +++ [pid 5667] <... exit_group resumed>) = ? [pid 5667] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5667, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./161", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./161", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./161/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./161/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./161/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./161/bus") = 0 umount2("./161/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./161/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./161/binderfs") = 0 umount2("./161/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./161/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./161/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./161/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./161/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./161/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./161") = 0 mkdir("./162", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5672 attached [pid 5672] set_robust_list(0x555556eda6a0, 24 [pid 5024] <... clone resumed>, child_tidptr=0x555556eda690) = 5672 [pid 5672] <... set_robust_list resumed>) = 0 [pid 5672] chdir("./162") = 0 [pid 5672] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5672] setpgid(0, 0) = 0 [pid 5672] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5672] write(3, "1000", 4) = 4 [pid 5672] close(3) = 0 [pid 5672] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5672] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5672] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [ 68.522764][ T5668] loop0: detected capacity change from 0 to 512 [ 68.546327][ T5668] EXT4-fs (loop0): 1 orphan inode deleted [ 68.552292][ T5668] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/161/file1 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5672] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5672] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5672] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5672] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5672] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5673 attached => {parent_tid=[5673]}, 88) = 5673 [pid 5672] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5672] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5672] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5672] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5673] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5672] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5673] <... rseq resumed>) = 0 [pid 5673] set_robust_list(0x7f81bb1be9a0, 24 [pid 5672] <... mprotect resumed>) = 0 [pid 5673] <... set_robust_list resumed>) = 0 [pid 5673] rt_sigprocmask(SIG_SETMASK, [], [pid 5672] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5673] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5672] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5673] memfd_create("syzkaller", 0 [pid 5672] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} [pid 5673] <... memfd_create resumed>) = 3 ./strace-static-x86_64: Process 5674 attached [pid 5673] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5674] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5673] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5672] <... clone3 resumed> => {parent_tid=[5674]}, 88) = 5674 [pid 5674] <... rseq resumed>) = 0 [pid 5674] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5674] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5674] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5672] rt_sigprocmask(SIG_SETMASK, [], [pid 5673] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5672] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5672] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5674] <... futex resumed>) = 0 [pid 5674] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5672] <... futex resumed>) = 1 [pid 5674] <... open resumed>) = 4 [pid 5672] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5673] <... write resumed>) = 262144 [pid 5673] munmap(0x7f81b2d7d000, 262144 [pid 5674] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5672] <... futex resumed>) = 0 [pid 5673] <... munmap resumed>) = 0 [pid 5672] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5673] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5672] <... futex resumed>) = 0 [pid 5673] ioctl(5, LOOP_SET_FD, 3 [pid 5672] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5674] <... futex resumed>) = 1 [pid 5674] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5674] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5672] <... futex resumed>) = 0 [pid 5674] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5672] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5674] <... futex resumed>) = 0 [pid 5672] <... futex resumed>) = 1 [pid 5674] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5672] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5674] <... open resumed>) = 6 [pid 5674] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5672] <... futex resumed>) = 0 [pid 5672] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5672] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5674] <... futex resumed>) = 1 [pid 5674] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5673] <... ioctl resumed>) = 0 [pid 5673] close(3) = 0 [pid 5673] mkdir("./file1", 0777) = 0 [pid 5673] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5674] <... write resumed>) = 262144 [pid 5674] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5672] <... futex resumed>) = 0 [pid 5674] <... futex resumed>) = 1 [pid 5674] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5673] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5673] ioctl(5, LOOP_CLR_FD) = 0 [pid 5673] close(5) = 0 [pid 5673] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5673] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5672] exit_group(0) = ? [pid 5674] <... futex resumed>) = ? [pid 5673] <... futex resumed>) = ? [pid 5674] +++ exited with 0 +++ [pid 5673] +++ exited with 0 +++ [pid 5672] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5672, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./162", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./162", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./162/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./162/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./162/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./162/bus") = 0 umount2("./162/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./162/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./162/binderfs") = 0 umount2("./162/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./162/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./162/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./162/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./162/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./162") = 0 mkdir("./163", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5675 attached , child_tidptr=0x555556eda690) = 5675 [pid 5675] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5675] chdir("./163") = 0 [pid 5675] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5675] setpgid(0, 0) = 0 [pid 5675] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 68.613886][ T5673] loop0: detected capacity change from 0 to 512 [ 68.627351][ T5673] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5675] write(3, "1000", 4) = 4 [pid 5675] close(3) = 0 [pid 5675] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5675] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5675] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5675] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5675] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5675] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5675] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5675] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5676 attached [pid 5676] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5675] <... clone3 resumed> => {parent_tid=[5676]}, 88) = 5676 [pid 5676] <... rseq resumed>) = 0 [pid 5675] rt_sigprocmask(SIG_SETMASK, [], [pid 5676] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5675] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5676] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5675] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5675] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5676] memfd_create("syzkaller", 0 [pid 5675] <... futex resumed>) = 0 [pid 5676] <... memfd_create resumed>) = 3 [pid 5675] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5676] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5675] <... mmap resumed>) = 0x7f81bb17d000 [pid 5675] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5676] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5675] <... mprotect resumed>) = 0 [pid 5675] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5676] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5675] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5675] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5677 attached [pid 5677] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5675] <... clone3 resumed> => {parent_tid=[5677]}, 88) = 5677 [pid 5677] <... rseq resumed>) = 0 [pid 5675] rt_sigprocmask(SIG_SETMASK, [], [pid 5677] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5675] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5677] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5675] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5677] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5675] <... futex resumed>) = 0 [pid 5675] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5677] <... open resumed>) = 4 [pid 5677] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5675] <... futex resumed>) = 0 [pid 5677] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5675] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5675] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5677] <... mount resumed>) = 0 [pid 5677] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5677] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5675] <... futex resumed>) = 0 [pid 5676] <... write resumed>) = 262144 [pid 5675] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5677] <... futex resumed>) = 0 [pid 5676] munmap(0x7f81b2d7d000, 262144 [pid 5675] <... futex resumed>) = 1 [pid 5677] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5675] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5677] <... open resumed>) = 5 [pid 5676] <... munmap resumed>) = 0 [pid 5677] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5675] <... futex resumed>) = 0 [pid 5677] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5676] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5677] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5675] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5677] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5676] <... openat resumed>) = 6 [pid 5675] <... futex resumed>) = 0 [pid 5677] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5676] ioctl(6, LOOP_SET_FD, 3 [pid 5675] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5677] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5675] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5677] <... futex resumed>) = 0 [pid 5677] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5676] <... ioctl resumed>) = 0 [pid 5676] close(3) = 0 [pid 5676] mkdir("./file1", 0777) = 0 [pid 5676] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5676] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5676] chdir("./file1") = 0 [pid 5676] ioctl(6, LOOP_CLR_FD) = 0 [pid 5676] close(6) = 0 [pid 5676] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5676] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5675] exit_group(0 [pid 5677] <... futex resumed>) = ? [pid 5676] <... futex resumed>) = ? [pid 5675] <... exit_group resumed>) = ? [pid 5677] +++ exited with 0 +++ [pid 5676] +++ exited with 0 +++ [pid 5675] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5675, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./163", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./163", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./163/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./163/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./163/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./163/bus") = 0 umount2("./163/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./163/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./163/binderfs") = 0 umount2("./163/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./163/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./163/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./163/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./163/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./163/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./163") = 0 mkdir("./164", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5680 attached , child_tidptr=0x555556eda690) = 5680 [pid 5680] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5680] chdir("./164") = 0 [pid 5680] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5680] setpgid(0, 0) = 0 [pid 5680] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5680] write(3, "1000", 4) = 4 [pid 5680] close(3) = 0 [pid 5680] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5680] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5680] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5680] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5680] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5680] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5680] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5680] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5681 attached [pid 5681] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5680] <... clone3 resumed> => {parent_tid=[5681]}, 88) = 5681 [pid 5681] <... rseq resumed>) = 0 [pid 5681] set_robust_list(0x7f81bb1be9a0, 24 [pid 5680] rt_sigprocmask(SIG_SETMASK, [], [pid 5681] <... set_robust_list resumed>) = 0 [pid 5681] rt_sigprocmask(SIG_SETMASK, [], [pid 5680] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5681] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5681] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5680] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5681] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5680] <... futex resumed>) = 0 [ 68.690463][ T5676] loop0: detected capacity change from 0 to 512 [ 68.707835][ T5676] EXT4-fs (loop0): 1 orphan inode deleted [ 68.713792][ T5676] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/163/file1 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5681] memfd_create("syzkaller", 0 [pid 5680] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5680] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5680] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5681] <... memfd_create resumed>) = 3 [pid 5681] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5680] <... mprotect resumed>) = 0 [pid 5681] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5680] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5680] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5682 attached => {parent_tid=[5682]}, 88) = 5682 [pid 5682] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5682] set_robust_list(0x7f81bb19d9a0, 24 [pid 5680] rt_sigprocmask(SIG_SETMASK, [], [pid 5682] <... set_robust_list resumed>) = 0 [pid 5682] rt_sigprocmask(SIG_SETMASK, [], [pid 5680] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5682] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5682] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5681] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5680] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5682] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5680] <... futex resumed>) = 0 [pid 5682] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5680] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5682] <... open resumed>) = 4 [pid 5681] <... write resumed>) = 262144 [pid 5682] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5682] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5680] <... futex resumed>) = 0 [pid 5680] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5682] <... futex resumed>) = 0 [pid 5682] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5680] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5681] munmap(0x7f81b2d7d000, 262144 [pid 5682] <... mount resumed>) = 0 [pid 5682] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5681] <... munmap resumed>) = 0 [pid 5680] <... futex resumed>) = 0 [pid 5681] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5680] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5682] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5681] <... openat resumed>) = 5 [pid 5680] <... futex resumed>) = 0 [pid 5682] <... open resumed>) = 6 [pid 5680] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5681] ioctl(5, LOOP_SET_FD, 3 [pid 5682] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5680] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5682] <... futex resumed>) = 0 [pid 5682] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5680] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5680] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5682] <... futex resumed>) = 0 [pid 5682] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5681] <... ioctl resumed>) = 0 [pid 5681] close(3) = 0 [pid 5681] mkdir("./file1", 0777) = 0 [ 68.780607][ T5681] loop0: detected capacity change from 0 to 512 [ 68.787045][ T5682] blk_print_req_error: 47 callbacks suppressed [ 68.787061][ T5682] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 68.787084][ T5682] buffer_io_error: 47 callbacks suppressed [ 68.787092][ T5682] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 68.787120][ T5682] I/O error, dev loop0, sector 240 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [pid 5681] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5680] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 68.787141][ T5682] Buffer I/O error on dev loop0, logical block 30, lost async page write [ 68.787160][ T5682] I/O error, dev loop0, sector 232 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 68.787179][ T5682] Buffer I/O error on dev loop0, logical block 29, lost async page write [ 68.787199][ T5682] I/O error, dev loop0, sector 224 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 68.787219][ T5682] Buffer I/O error on dev loop0, logical block 28, lost async page write [ 68.787239][ T5682] I/O error, dev loop0, sector 216 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [pid 5682] <... write resumed>) = -1 EIO (Input/output error) [pid 5682] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5682] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5681] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5681] ioctl(5, LOOP_CLR_FD) = 0 [pid 5681] close(5) = 0 [pid 5681] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5681] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5680] exit_group(0 [pid 5681] <... futex resumed>) = ? [pid 5680] <... exit_group resumed>) = ? [pid 5681] +++ exited with 0 +++ [pid 5682] <... futex resumed>) = ? [pid 5682] +++ exited with 0 +++ [pid 5680] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5680, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- umount2("./164", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./164", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./164/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./164/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./164/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./164/bus") = 0 umount2("./164/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./164/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./164/binderfs") = 0 umount2("./164/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./164/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./164/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./164/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./164/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./164") = 0 mkdir("./165", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5683 ./strace-static-x86_64: Process 5683 attached [pid 5683] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5683] chdir("./165") = 0 [pid 5683] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5683] setpgid(0, 0) = 0 [pid 5683] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5683] write(3, "1000", 4) = 4 [pid 5683] close(3) = 0 [pid 5683] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5683] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5683] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5683] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5683] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5683] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5683] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5683] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5684 attached [pid 5684] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5683] <... clone3 resumed> => {parent_tid=[5684]}, 88) = 5684 [pid 5684] <... rseq resumed>) = 0 [pid 5683] rt_sigprocmask(SIG_SETMASK, [], [pid 5684] set_robust_list(0x7f81bb1be9a0, 24 [pid 5683] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5684] <... set_robust_list resumed>) = 0 [pid 5683] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5684] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5683] <... futex resumed>) = 0 [pid 5684] memfd_create("syzkaller", 0 [pid 5683] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5683] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5684] <... memfd_create resumed>) = 3 [pid 5684] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5683] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5684] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5683] <... mprotect resumed>) = 0 [pid 5683] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5683] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} [pid 5684] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5683] <... clone3 resumed> => {parent_tid=[5685]}, 88) = 5685 [pid 5683] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5683] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5683] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5685 attached [pid 5685] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5685] set_robust_list(0x7f81bb19d9a0, 24 [pid 5684] <... write resumed>) = 262144 [pid 5685] <... set_robust_list resumed>) = 0 [pid 5685] rt_sigprocmask(SIG_SETMASK, [], [pid 5684] munmap(0x7f81b2d7d000, 262144 [pid 5685] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5685] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5684] <... munmap resumed>) = 0 [pid 5684] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5685] <... open resumed>) = 4 [pid 5684] <... openat resumed>) = 5 [pid 5684] ioctl(5, LOOP_SET_FD, 3 [ 68.787258][ T5682] Buffer I/O error on dev loop0, logical block 27, lost async page write [ 68.787277][ T5682] I/O error, dev loop0, sector 208 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 68.899366][ T5682] Buffer I/O error on dev loop0, logical block 26, lost async page write [ 68.910448][ T5681] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5685] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5683] <... futex resumed>) = 0 [pid 5685] <... futex resumed>) = 1 [pid 5683] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5685] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5683] <... futex resumed>) = 0 [pid 5685] <... mount resumed>) = 0 [pid 5683] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5685] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5683] <... futex resumed>) = 0 [pid 5683] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5685] <... futex resumed>) = 1 [pid 5683] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5685] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5685] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5683] <... futex resumed>) = 0 [pid 5683] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5685] <... futex resumed>) = 1 [pid 5685] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5683] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5684] <... ioctl resumed>) = 0 [pid 5684] close(3) = 0 [pid 5684] mkdir("./file1", 0777) = 0 [pid 5684] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5685] <... write resumed>) = 262144 [pid 5685] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5683] <... futex resumed>) = 0 [pid 5685] <... futex resumed>) = 1 [pid 5685] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5684] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5684] ioctl(5, LOOP_CLR_FD) = 0 [pid 5684] close(5) = 0 [pid 5684] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5683] exit_group(0 [pid 5684] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5685] <... futex resumed>) = ? [pid 5684] <... futex resumed>) = ? [pid 5685] +++ exited with 0 +++ [pid 5684] +++ exited with 0 +++ [pid 5683] <... exit_group resumed>) = ? [pid 5683] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5683, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./165", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./165", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./165/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./165/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./165/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./165/bus") = 0 umount2("./165/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./165/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./165/binderfs") = 0 umount2("./165/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./165/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./165/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./165/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./165/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./165") = 0 mkdir("./166", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5686 attached , child_tidptr=0x555556eda690) = 5686 [pid 5686] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5686] chdir("./166") = 0 [pid 5686] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5686] setpgid(0, 0) = 0 [pid 5686] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5686] write(3, "1000", 4) = 4 [pid 5686] close(3) = 0 [pid 5686] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5686] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5686] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5686] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5686] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5686] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5686] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5686] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0} => {parent_tid=[5687]}, 88) = 5687 [pid 5686] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5686] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5686] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5686] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 ./strace-static-x86_64: Process 5687 attached [pid 5687] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5686] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5687] <... rseq resumed>) = 0 [pid 5687] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5686] <... mprotect resumed>) = 0 [pid 5687] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5686] rt_sigprocmask(SIG_BLOCK, ~[], [ 68.961357][ T5684] loop0: detected capacity change from 0 to 512 [ 68.974349][ T5684] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5687] memfd_create("syzkaller", 0) = 3 [pid 5687] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5686] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5687] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5686] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5688]}, 88) = 5688 [pid 5686] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5686] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5686] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5687] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 5688 attached ) = 262144 [pid 5688] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5687] munmap(0x7f81b2d7d000, 262144 [pid 5688] set_robust_list(0x7f81bb19d9a0, 24 [pid 5687] <... munmap resumed>) = 0 [pid 5687] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5688] <... set_robust_list resumed>) = 0 [pid 5688] rt_sigprocmask(SIG_SETMASK, [], [pid 5687] <... openat resumed>) = 4 [pid 5688] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5687] ioctl(4, LOOP_SET_FD, 3 [pid 5688] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5688] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5686] <... futex resumed>) = 0 [pid 5686] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5686] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5688] <... futex resumed>) = 1 [pid 5688] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5688] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5686] <... futex resumed>) = 0 [pid 5686] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5688] <... futex resumed>) = 1 [pid 5688] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5686] <... futex resumed>) = 0 [pid 5686] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5688] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5686] <... futex resumed>) = 0 [pid 5688] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5686] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5687] <... ioctl resumed>) = 0 [pid 5686] <... futex resumed>) = 0 [pid 5687] close(3 [pid 5686] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5687] <... close resumed>) = 0 [pid 5687] mkdir("./file1", 0777) = 0 [pid 5687] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5688] <... write resumed>) = 262144 [pid 5688] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5688] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5686] <... futex resumed>) = 0 [pid 5687] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5687] ioctl(4, LOOP_CLR_FD) = 0 [pid 5687] close(4) = 0 [pid 5687] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5687] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5686] exit_group(0) = ? [pid 5687] <... futex resumed>) = ? [pid 5688] <... futex resumed>) = ? [pid 5687] +++ exited with 0 +++ [pid 5688] +++ exited with 0 +++ [pid 5686] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5686, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./166", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./166", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./166/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./166/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./166/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./166/bus") = 0 umount2("./166/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./166/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./166/binderfs") = 0 umount2("./166/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./166/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./166/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./166/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./166/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./166") = 0 mkdir("./167", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5689 ./strace-static-x86_64: Process 5689 attached [pid 5689] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5689] chdir("./167") = 0 [pid 5689] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5689] setpgid(0, 0) = 0 [pid 5689] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5689] write(3, "1000", 4) = 4 [pid 5689] close(3) = 0 [pid 5689] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5689] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5689] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5689] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [ 69.029602][ T5687] loop0: detected capacity change from 0 to 512 [ 69.043846][ T5687] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5689] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5689] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5689] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5689] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5690 attached => {parent_tid=[5690]}, 88) = 5690 [pid 5689] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5689] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5690] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5690] set_robust_list(0x7f81bb1be9a0, 24 [pid 5689] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5690] <... set_robust_list resumed>) = 0 [pid 5690] rt_sigprocmask(SIG_SETMASK, [], [pid 5689] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5690] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5689] <... mmap resumed>) = 0x7f81bb17d000 [pid 5689] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5690] memfd_create("syzkaller", 0 [pid 5689] <... mprotect resumed>) = 0 [pid 5690] <... memfd_create resumed>) = 3 [pid 5689] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5690] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5689] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} [pid 5690] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5689] <... clone3 resumed> => {parent_tid=[5691]}, 88) = 5691 [pid 5689] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5689] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5689] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5691 attached [pid 5691] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5690] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5691] <... rseq resumed>) = 0 [pid 5691] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5691] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5691] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5691] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5689] <... futex resumed>) = 0 [pid 5691] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5689] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5691] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5689] <... futex resumed>) = 0 [pid 5691] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5689] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5690] <... write resumed>) = 262144 [pid 5691] <... mount resumed>) = 0 [pid 5691] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5689] <... futex resumed>) = 0 [pid 5689] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5689] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5690] munmap(0x7f81b2d7d000, 262144 [pid 5691] <... futex resumed>) = 1 [pid 5691] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5690] <... munmap resumed>) = 0 [pid 5690] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5691] <... open resumed>) = 5 [pid 5690] ioctl(6, LOOP_SET_FD, 3 [pid 5691] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5689] <... futex resumed>) = 0 [pid 5689] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5691] <... futex resumed>) = 1 [pid 5689] <... futex resumed>) = 0 [pid 5691] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5689] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5691] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5691] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5689] <... futex resumed>) = 0 [pid 5691] <... futex resumed>) = 1 [pid 5691] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5690] <... ioctl resumed>) = 0 [pid 5690] close(3) = 0 [pid 5690] mkdir("./file1", 0777) = 0 [pid 5690] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5690] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5690] chdir("./file1") = 0 [pid 5690] ioctl(6, LOOP_CLR_FD) = 0 [pid 5690] close(6) = 0 [pid 5690] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5689] exit_group(0 [pid 5690] ???( [pid 5689] <... exit_group resumed>) = ? [pid 5690] <... ??? resumed>) = ? [pid 5691] <... futex resumed>) = ? [pid 5690] +++ exited with 0 +++ [pid 5691] +++ exited with 0 +++ [pid 5689] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5689, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./167", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./167", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./167/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./167/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./167/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./167/bus") = 0 umount2("./167/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./167/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./167/binderfs") = 0 umount2("./167/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./167/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./167/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./167/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./167/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./167/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./167") = 0 mkdir("./168", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5694 attached [ 69.105641][ T5690] loop0: detected capacity change from 0 to 512 [ 69.128048][ T5690] EXT4-fs (loop0): 1 orphan inode deleted [ 69.133948][ T5690] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/167/file1 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5694] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5694] chdir("./168") = 0 [pid 5694] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5694] setpgid(0, 0) = 0 [pid 5694] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5694] write(3, "1000", 4) = 4 [pid 5694] close(3) = 0 [pid 5694] symlink("/dev/binderfs", "./binderfs" [pid 5024] <... clone resumed>, child_tidptr=0x555556eda690) = 5694 [pid 5694] <... symlink resumed>) = 0 [pid 5694] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5694] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5694] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5694] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5694] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5694] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5694] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5695 attached => {parent_tid=[5695]}, 88) = 5695 [pid 5694] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5694] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5694] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5694] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5694] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5694] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5694] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5696 attached => {parent_tid=[5696]}, 88) = 5696 [pid 5694] rt_sigprocmask(SIG_SETMASK, [], [pid 5696] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5694] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5696] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5695] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5694] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5696] rt_sigprocmask(SIG_SETMASK, [], [pid 5694] <... futex resumed>) = 0 [pid 5696] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5694] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5696] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5695] <... rseq resumed>) = 0 [pid 5695] set_robust_list(0x7f81bb1be9a0, 24 [pid 5696] <... open resumed>) = 3 [pid 5696] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5694] <... futex resumed>) = 0 [pid 5696] <... futex resumed>) = 1 [pid 5696] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5694] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5696] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5696] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5694] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5696] <... mount resumed>) = 0 [pid 5695] <... set_robust_list resumed>) = 0 [pid 5695] rt_sigprocmask(SIG_SETMASK, [], [pid 5696] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5695] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5696] <... futex resumed>) = 1 [pid 5696] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5695] memfd_create("syzkaller", 0 [pid 5694] <... futex resumed>) = 0 [pid 5695] <... memfd_create resumed>) = 4 [pid 5695] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5694] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5696] <... futex resumed>) = 0 [pid 5694] <... futex resumed>) = 1 [pid 5696] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5695] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5694] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5696] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5694] <... futex resumed>) = 0 [pid 5696] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5694] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5696] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5694] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5696] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5694] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5696] <... futex resumed>) = 0 [pid 5696] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5695] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5695] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5695] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5695] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 5695] close(4) = 0 [pid 5695] mkdir("./file1", 0777) = 0 [pid 5695] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5695] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5695] chdir("./file1") = 0 [pid 5695] ioctl(6, LOOP_CLR_FD) = 0 [pid 5695] close(6) = 0 [pid 5695] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5695] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5694] exit_group(0 [pid 5695] <... futex resumed>) = ? [pid 5696] <... futex resumed>) = ? [pid 5694] <... exit_group resumed>) = ? [pid 5695] +++ exited with 0 +++ [pid 5696] +++ exited with 0 +++ [pid 5694] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5694, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./168", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./168", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./168/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./168/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./168/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./168/bus") = 0 umount2("./168/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./168/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./168/binderfs") = 0 umount2("./168/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./168/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./168/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./168/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./168/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./168/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./168") = 0 mkdir("./169", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 69.214464][ T5695] loop0: detected capacity change from 0 to 512 [ 69.238436][ T5695] EXT4-fs (loop0): 1 orphan inode deleted [ 69.244370][ T5695] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/168/file1 supports timestamps until 2038-01-19 (0x7fffffff) clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5699 attached , child_tidptr=0x555556eda690) = 5699 [pid 5699] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5699] chdir("./169") = 0 [pid 5699] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5699] setpgid(0, 0) = 0 [pid 5699] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5699] write(3, "1000", 4) = 4 [pid 5699] close(3) = 0 [pid 5699] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5699] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5699] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5699] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5699] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5699] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5699] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5699] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5700 attached [pid 5700] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5700] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5700] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5699] <... clone3 resumed> => {parent_tid=[5700]}, 88) = 5700 [pid 5700] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5699] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5699] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5700] <... futex resumed>) = 0 [pid 5699] <... futex resumed>) = 1 [pid 5700] memfd_create("syzkaller", 0 [pid 5699] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5700] <... memfd_create resumed>) = 3 [pid 5699] <... futex resumed>) = 0 [pid 5700] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5699] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5700] <... mmap resumed>) = 0x7f81b2d9e000 [pid 5699] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5699] mprotect(0x7f81b2d7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5699] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5699] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81b2d9d990, parent_tid=0x7f81b2d9d990, exit_signal=0, stack=0x7f81b2d7d000, stack_size=0x20300, tls=0x7f81b2d9d6c0}./strace-static-x86_64: Process 5701 attached [pid 5700] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5701] rseq(0x7f81b2d9dfe0, 0x20, 0, 0x53053053 [pid 5699] <... clone3 resumed> => {parent_tid=[5701]}, 88) = 5701 [pid 5699] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5699] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5699] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5701] <... rseq resumed>) = 0 [pid 5700] <... write resumed>) = 262144 [pid 5701] set_robust_list(0x7f81b2d9d9a0, 24) = 0 [pid 5701] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5701] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5700] munmap(0x7f81b2d9e000, 262144 [pid 5701] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5700] <... munmap resumed>) = 0 [pid 5699] <... futex resumed>) = 0 [pid 5701] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5700] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5699] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5701] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5700] <... openat resumed>) = 5 [pid 5701] <... mount resumed>) = 0 [pid 5699] <... futex resumed>) = 0 [pid 5700] ioctl(5, LOOP_SET_FD, 3 [pid 5699] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5701] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5701] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5699] <... futex resumed>) = 0 [pid 5699] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5701] <... futex resumed>) = 0 [pid 5699] <... futex resumed>) = 1 [pid 5701] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5700] <... ioctl resumed>) = 0 [pid 5699] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5701] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5700] close(3 [pid 5699] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5701] <... futex resumed>) = 0 [pid 5700] <... close resumed>) = 0 [pid 5699] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5701] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5700] mkdir("./file1", 0777 [pid 5699] <... futex resumed>) = 0 [pid 5699] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5700] <... mkdir resumed>) = 0 [pid 5700] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5701] <... write resumed>) = 262144 [pid 5701] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5699] <... futex resumed>) = 0 [pid 5701] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5700] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5700] ioctl(5, LOOP_CLR_FD) = 0 [pid 5700] close(5) = 0 [pid 5700] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5699] exit_group(0) = ? [pid 5701] <... futex resumed>) = ? [pid 5700] +++ exited with 0 +++ [pid 5701] +++ exited with 0 +++ [pid 5699] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5699, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./169", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./169", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./169/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./169/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./169/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./169/bus") = 0 umount2("./169/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./169/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./169/binderfs") = 0 umount2("./169/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./169/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./169/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./169/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./169/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./169") = 0 mkdir("./170", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 69.331214][ T5700] loop0: detected capacity change from 0 to 512 [ 69.346221][ T5700] EXT4-fs (loop0): VFS: Can't find ext4 filesystem clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5702 attached [pid 5702] set_robust_list(0x555556eda6a0, 24 [pid 5024] <... clone resumed>, child_tidptr=0x555556eda690) = 5702 [pid 5702] <... set_robust_list resumed>) = 0 [pid 5702] chdir("./170") = 0 [pid 5702] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5702] setpgid(0, 0) = 0 [pid 5702] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5702] write(3, "1000", 4) = 4 [pid 5702] close(3) = 0 [pid 5702] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5702] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5702] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5702] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5702] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5702] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5702] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5702] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5703 attached => {parent_tid=[5703]}, 88) = 5703 [pid 5703] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5702] rt_sigprocmask(SIG_SETMASK, [], [pid 5703] <... rseq resumed>) = 0 [pid 5703] set_robust_list(0x7f81bb1be9a0, 24 [pid 5702] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5703] <... set_robust_list resumed>) = 0 [pid 5702] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5702] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5702] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5702] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5703] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5702] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5702] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} [pid 5703] memfd_create("syzkaller", 0 [pid 5702] <... clone3 resumed> => {parent_tid=[5704]}, 88) = 5704 ./strace-static-x86_64: Process 5704 attached [pid 5703] <... memfd_create resumed>) = 3 [pid 5704] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5703] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5702] rt_sigprocmask(SIG_SETMASK, [], [pid 5704] <... rseq resumed>) = 0 [pid 5703] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5704] set_robust_list(0x7f81bb19d9a0, 24 [pid 5703] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5702] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5704] <... set_robust_list resumed>) = 0 [pid 5702] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5704] rt_sigprocmask(SIG_SETMASK, [], [pid 5702] <... futex resumed>) = 0 [pid 5704] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5704] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5702] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5704] <... open resumed>) = 4 [pid 5703] <... write resumed>) = 262144 [pid 5704] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5702] <... futex resumed>) = 0 [pid 5704] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5702] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5703] munmap(0x7f81b2d7d000, 262144 [pid 5702] <... futex resumed>) = 0 [pid 5704] <... mount resumed>) = 0 [pid 5703] <... munmap resumed>) = 0 [pid 5702] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5704] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5702] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5704] <... futex resumed>) = 0 [pid 5702] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5704] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5702] <... futex resumed>) = 0 [pid 5704] <... open resumed>) = 5 [pid 5703] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5702] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5704] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5703] <... openat resumed>) = 6 [pid 5704] <... futex resumed>) = 0 [pid 5702] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5704] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5703] ioctl(6, LOOP_SET_FD, 3 [pid 5702] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5704] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5702] <... futex resumed>) = 0 [pid 5702] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5704] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5703] <... ioctl resumed>) = 0 [pid 5703] close(3) = 0 [pid 5703] mkdir("./file1", 0777) = 0 [pid 5703] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5704] <... write resumed>) = -1 EIO (Input/output error) [pid 5704] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5702] <... futex resumed>) = 0 [pid 5704] <... futex resumed>) = 1 [pid 5704] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5703] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5703] ioctl(6, LOOP_CLR_FD) = 0 [pid 5703] close(6) = 0 [pid 5703] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5703] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5702] exit_group(0 [pid 5704] <... futex resumed>) = ? [pid 5703] <... futex resumed>) = ? [pid 5702] <... exit_group resumed>) = ? [pid 5704] +++ exited with 0 +++ [pid 5703] +++ exited with 0 +++ [pid 5702] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5702, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./170", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./170", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./170/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./170/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./170/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./170/bus") = 0 umount2("./170/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./170/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./170/binderfs") = 0 umount2("./170/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./170/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./170/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./170/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./170/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./170") = 0 mkdir("./171", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5705 ./strace-static-x86_64: Process 5705 attached [pid 5705] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5705] chdir("./171") = 0 [pid 5705] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5705] setpgid(0, 0) = 0 [pid 5705] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5705] write(3, "1000", 4) = 4 [pid 5705] close(3) = 0 [pid 5705] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5705] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5705] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5705] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5705] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5705] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5705] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5705] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5706 attached => {parent_tid=[5706]}, 88) = 5706 [pid 5706] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5705] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5705] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5706] <... rseq resumed>) = 0 [pid 5705] <... futex resumed>) = 0 [pid 5706] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5705] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5705] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5706] rt_sigprocmask(SIG_SETMASK, [], [pid 5705] <... mmap resumed>) = 0x7f81bb17d000 [pid 5705] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5706] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5705] <... mprotect resumed>) = 0 [pid 5705] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5705] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} [pid 5706] memfd_create("syzkaller", 0) = 3 [ 69.419137][ T5703] loop0: detected capacity change from 0 to 512 [ 69.423671][ T5704] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 69.436892][ T5704] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 69.451264][ T5703] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5706] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5705] <... clone3 resumed> => {parent_tid=[5707]}, 88) = 5707 ./strace-static-x86_64: Process 5707 attached [pid 5706] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5707] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5705] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5705] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5705] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5707] <... rseq resumed>) = 0 [pid 5707] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5706] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5707] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5707] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5706] <... write resumed>) = 262144 [pid 5706] munmap(0x7f81b2d7d000, 262144 [pid 5707] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5706] <... munmap resumed>) = 0 [pid 5706] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5706] ioctl(5, LOOP_SET_FD, 3 [pid 5705] <... futex resumed>) = 0 [pid 5707] <... futex resumed>) = 1 [pid 5707] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5705] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5707] <... futex resumed>) = 0 [pid 5705] <... futex resumed>) = 1 [pid 5707] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5705] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5707] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5705] <... futex resumed>) = 0 [pid 5705] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5705] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5707] <... futex resumed>) = 1 [pid 5707] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5707] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5705] <... futex resumed>) = 0 [pid 5705] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5707] <... futex resumed>) = 1 [pid 5705] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5707] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5706] <... ioctl resumed>) = 0 [pid 5706] close(3) = 0 [pid 5706] mkdir("./file1", 0777) = 0 [pid 5706] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5707] <... write resumed>) = 262144 [pid 5707] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5705] <... futex resumed>) = 0 [pid 5707] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5706] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5706] ioctl(5, LOOP_CLR_FD) = 0 [pid 5706] close(5) = 0 [pid 5706] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5706] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5705] exit_group(0 [pid 5707] <... futex resumed>) = ? [pid 5707] +++ exited with 0 +++ [pid 5706] <... futex resumed>) = ? [pid 5705] <... exit_group resumed>) = ? [pid 5706] +++ exited with 0 +++ [pid 5705] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5705, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./171", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./171", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./171/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./171/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./171/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./171/bus") = 0 umount2("./171/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./171/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./171/binderfs") = 0 umount2("./171/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./171/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./171/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./171/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./171/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./171") = 0 mkdir("./172", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5708 attached , child_tidptr=0x555556eda690) = 5708 [pid 5708] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5708] chdir("./172") = 0 [pid 5708] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5708] setpgid(0, 0) = 0 [pid 5708] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5708] write(3, "1000", 4) = 4 [pid 5708] close(3) = 0 [pid 5708] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5708] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5708] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5708] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5708] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5708] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5708] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5708] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0} => {parent_tid=[5709]}, 88) = 5709 [pid 5708] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5708] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5708] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5708] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5708] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5708] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 5709 attached [pid 5709] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5708] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5709] <... rseq resumed>) = 0 [pid 5709] set_robust_list(0x7f81bb1be9a0, 24 [ 69.505392][ T5706] loop0: detected capacity change from 0 to 512 [ 69.519633][ T5706] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5708] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} [pid 5709] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 5710 attached [pid 5709] rt_sigprocmask(SIG_SETMASK, [], [pid 5710] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5709] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5710] <... rseq resumed>) = 0 [pid 5709] memfd_create("syzkaller", 0 [pid 5710] set_robust_list(0x7f81bb19d9a0, 24 [pid 5709] <... memfd_create resumed>) = 3 [pid 5708] <... clone3 resumed> => {parent_tid=[5710]}, 88) = 5710 [pid 5710] <... set_robust_list resumed>) = 0 [pid 5709] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5708] rt_sigprocmask(SIG_SETMASK, [], [pid 5710] rt_sigprocmask(SIG_SETMASK, [], [pid 5708] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5708] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5708] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5709] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5710] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5710] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5709] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5710] <... open resumed>) = 4 [pid 5710] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5708] <... futex resumed>) = 0 [pid 5710] <... futex resumed>) = 1 [pid 5708] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5710] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5708] <... futex resumed>) = 0 [pid 5710] <... mount resumed>) = 0 [pid 5709] <... write resumed>) = 262144 [pid 5708] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5710] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5708] <... futex resumed>) = 0 [pid 5708] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5708] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5710] <... futex resumed>) = 1 [pid 5710] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5709] munmap(0x7f81b2d7d000, 262144 [pid 5710] <... open resumed>) = 5 [pid 5710] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5708] <... futex resumed>) = 0 [pid 5708] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5708] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5709] <... munmap resumed>) = 0 [pid 5710] <... futex resumed>) = 1 [pid 5710] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5710] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5710] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5708] <... futex resumed>) = 0 [pid 5709] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5709] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5709] close(3) = 0 [pid 5709] mkdir("./file1", 0777) = 0 [pid 5709] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5709] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5709] chdir("./file1") = 0 [pid 5709] ioctl(6, LOOP_CLR_FD) = 0 [pid 5709] close(6) = 0 [pid 5709] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5709] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5708] exit_group(0) = ? [pid 5709] <... futex resumed>) = ? [pid 5709] +++ exited with 0 +++ [pid 5710] <... futex resumed>) = ? [pid 5710] +++ exited with 0 +++ [pid 5708] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5708, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./172", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./172", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./172/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./172/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./172/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./172/bus") = 0 umount2("./172/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./172/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./172/binderfs") = 0 umount2("./172/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./172/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./172/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./172/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./172/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./172/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./172") = 0 mkdir("./173", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5713 ./strace-static-x86_64: Process 5713 attached [pid 5713] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5713] chdir("./173") = 0 [pid 5713] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5713] setpgid(0, 0) = 0 [ 69.578070][ T5709] loop0: detected capacity change from 0 to 512 [ 69.597713][ T5709] EXT4-fs (loop0): 1 orphan inode deleted [ 69.603701][ T5709] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/172/file1 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5713] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5713] write(3, "1000", 4) = 4 [pid 5713] close(3) = 0 [pid 5713] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5713] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5713] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5713] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5713] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5713] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5713] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5713] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5714 attached => {parent_tid=[5714]}, 88) = 5714 [pid 5714] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5713] rt_sigprocmask(SIG_SETMASK, [], [pid 5714] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5713] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5714] rt_sigprocmask(SIG_SETMASK, [], [pid 5713] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5714] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5713] <... futex resumed>) = 0 [pid 5714] memfd_create("syzkaller", 0 [pid 5713] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5713] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5714] <... memfd_create resumed>) = 3 [pid 5714] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d9e000 [pid 5714] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5714] munmap(0x7f81b2d9e000, 262144) = 0 [pid 5714] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5714] ioctl(4, LOOP_SET_FD, 3 [pid 5713] <... mmap resumed>) = 0x7f81b2dbd000 [pid 5713] mprotect(0x7f81b2dbe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5713] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5714] <... ioctl resumed>) = 0 [pid 5713] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5714] close(3) = 0 [pid 5714] mkdir("./file1", 0777) = 0 [pid 5713] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81b2ddd990, parent_tid=0x7f81b2ddd990, exit_signal=0, stack=0x7f81b2dbd000, stack_size=0x20300, tls=0x7f81b2ddd6c0} [pid 5714] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"..../strace-static-x86_64: Process 5715 attached [pid 5715] rseq(0x7f81b2dddfe0, 0x20, 0, 0x53053053 [pid 5713] <... clone3 resumed> => {parent_tid=[5715]}, 88) = 5715 [pid 5715] <... rseq resumed>) = 0 [pid 5715] set_robust_list(0x7f81b2ddd9a0, 24 [pid 5713] rt_sigprocmask(SIG_SETMASK, [], [pid 5715] <... set_robust_list resumed>) = 0 [pid 5713] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5715] rt_sigprocmask(SIG_SETMASK, [], [pid 5713] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5715] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5713] <... futex resumed>) = 0 [pid 5715] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5713] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5714] <... mount resumed>) = 0 [pid 5715] <... open resumed>) = 3 [pid 5715] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5713] <... futex resumed>) = 0 [pid 5715] <... futex resumed>) = 1 [pid 5713] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5715] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5713] <... futex resumed>) = 0 [pid 5714] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5715] <... mount resumed>) = 0 [pid 5713] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5715] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5713] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5715] <... futex resumed>) = 0 [pid 5713] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5715] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5713] <... futex resumed>) = 0 [pid 5715] <... open resumed>) = 5 [pid 5713] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5715] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5713] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5715] <... futex resumed>) = 0 [pid 5713] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5715] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5713] <... futex resumed>) = 0 [pid 5714] <... openat resumed>) = 6 [pid 5714] chdir("./file1") = 0 [pid 5714] ioctl(4, LOOP_CLR_FD) = 0 [pid 5714] close(4) = 0 [pid 5713] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5715] <... write resumed>) = 262144 [pid 5714] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5714] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5715] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5713] <... futex resumed>) = 0 [pid 5715] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5713] exit_group(0 [pid 5715] <... futex resumed>) = ? [pid 5714] <... futex resumed>) = ? [pid 5713] <... exit_group resumed>) = ? [pid 5714] +++ exited with 0 +++ [pid 5715] +++ exited with 0 +++ [pid 5713] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5713, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./173", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./173", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./173/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./173/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./173/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./173/bus") = 0 umount2("./173/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./173/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./173/binderfs") = 0 [ 69.675580][ T5714] loop0: detected capacity change from 0 to 512 [ 69.687994][ T5714] EXT4-fs (loop0): 1 orphan inode deleted [ 69.693770][ T5714] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/173/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./173/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./173/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./173/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./173/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./173/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./173/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./173") = 0 mkdir("./174", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5718 ./strace-static-x86_64: Process 5718 attached [pid 5718] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5718] chdir("./174") = 0 [pid 5718] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5718] setpgid(0, 0) = 0 [pid 5718] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5718] write(3, "1000", 4) = 4 [pid 5718] close(3) = 0 [pid 5718] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5718] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5718] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5718] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5718] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5718] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5718] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5718] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5719 attached => {parent_tid=[5719]}, 88) = 5719 [pid 5719] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5718] rt_sigprocmask(SIG_SETMASK, [], [pid 5719] <... rseq resumed>) = 0 [pid 5718] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5719] set_robust_list(0x7f81bb1be9a0, 24 [pid 5718] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5719] <... set_robust_list resumed>) = 0 [pid 5719] rt_sigprocmask(SIG_SETMASK, [], [pid 5718] <... futex resumed>) = 0 [pid 5719] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5718] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5719] memfd_create("syzkaller", 0 [pid 5718] <... futex resumed>) = 0 [pid 5718] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5719] <... memfd_create resumed>) = 3 [pid 5718] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5719] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5718] <... mprotect resumed>) = 0 [pid 5719] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5718] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5719] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5718] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5718] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5720 attached [pid 5720] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5718] <... clone3 resumed> => {parent_tid=[5720]}, 88) = 5720 [pid 5718] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5718] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5718] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5720] <... rseq resumed>) = 0 [pid 5720] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5720] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5719] <... write resumed>) = 262144 [pid 5719] munmap(0x7f81b2d7d000, 262144 [pid 5720] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5719] <... munmap resumed>) = 0 [pid 5720] <... open resumed>) = 4 [pid 5719] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [ 69.733439][ T5024] EXT4-fs error (device loop0): __ext4_get_inode_loc:4379: comm syz-executor212: Invalid inode table block 0 in block_group 0 [ 69.750769][ T5024] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5752: Corrupt filesystem [ 69.760930][ T5024] EXT4-fs error (device loop0): ext4_quota_off:7131: inode #3: comm syz-executor212: mark_inode_dirty error [pid 5719] ioctl(5, LOOP_SET_FD, 3 [pid 5720] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5719] <... ioctl resumed>) = 0 [pid 5720] <... futex resumed>) = 1 [pid 5718] <... futex resumed>) = 0 [pid 5720] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5719] close(3 [pid 5718] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5720] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5719] <... close resumed>) = 0 [pid 5718] <... futex resumed>) = 0 [pid 5720] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5719] mkdir("./file1", 0777 [pid 5718] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5720] <... mount resumed>) = 0 [pid 5719] <... mkdir resumed>) = 0 [pid 5719] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5720] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5718] <... futex resumed>) = 0 [pid 5720] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5718] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5720] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5720] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5718] <... futex resumed>) = 0 [pid 5718] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5720] <... open resumed>) = 3 [pid 5720] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5718] <... futex resumed>) = 0 [pid 5720] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5718] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5720] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5718] <... futex resumed>) = 0 [pid 5720] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5718] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5720] <... write resumed>) = 262144 [pid 5720] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5718] <... futex resumed>) = 0 [pid 5720] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5719] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5719] ioctl(5, LOOP_CLR_FD) = 0 [pid 5719] close(5) = 0 [pid 5719] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5719] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5718] exit_group(0 [pid 5720] <... futex resumed>) = ? [pid 5719] <... futex resumed>) = ? [pid 5718] <... exit_group resumed>) = ? [pid 5719] +++ exited with 0 +++ [pid 5720] +++ exited with 0 +++ [pid 5718] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5718, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./174", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./174", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./174/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./174/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./174/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./174/bus") = 0 umount2("./174/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./174/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./174/binderfs") = 0 umount2("./174/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./174/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./174/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./174/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./174/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./174") = 0 mkdir("./175", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5721 ./strace-static-x86_64: Process 5721 attached [pid 5721] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5721] chdir("./175") = 0 [ 69.806595][ T5719] loop0: detected capacity change from 0 to 512 [ 69.825764][ T5719] EXT4-fs warning (device loop0): read_mmp_block:115: Error -117 while reading MMP block 8 [pid 5721] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5721] setpgid(0, 0) = 0 [pid 5721] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5721] write(3, "1000", 4) = 4 [pid 5721] close(3) = 0 [pid 5721] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5721] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5721] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5721] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5721] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5721] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5721] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5721] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0} => {parent_tid=[5722]}, 88) = 5722 [pid 5721] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5722 attached [pid 5721] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5721] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5721] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5721] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5721] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5721] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5723 attached => {parent_tid=[5723]}, 88) = 5723 [pid 5723] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5721] rt_sigprocmask(SIG_SETMASK, [], [pid 5723] set_robust_list(0x7f81bb19d9a0, 24 [pid 5721] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5723] <... set_robust_list resumed>) = 0 [pid 5721] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5723] rt_sigprocmask(SIG_SETMASK, [], [pid 5721] <... futex resumed>) = 0 [pid 5723] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5721] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5723] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5722] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5723] <... open resumed>) = 3 [pid 5723] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5721] <... futex resumed>) = 0 [pid 5721] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5723] <... futex resumed>) = 1 [pid 5721] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5723] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5722] <... rseq resumed>) = 0 [pid 5722] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5722] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5722] memfd_create("syzkaller", 0) = 4 [pid 5722] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5723] <... mount resumed>) = 0 [pid 5722] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5723] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5721] <... futex resumed>) = 0 [pid 5723] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5721] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5723] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5721] <... futex resumed>) = 0 [pid 5723] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5721] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5723] <... open resumed>) = 5 [pid 5723] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5721] <... futex resumed>) = 0 [pid 5721] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5721] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5723] <... futex resumed>) = 1 [pid 5723] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5723] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5721] <... futex resumed>) = 0 [pid 5723] <... futex resumed>) = 1 [pid 5723] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5722] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5722] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5722] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5722] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 5722] close(4) = 0 [pid 5722] mkdir("./file1", 0777) = 0 [pid 5722] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5722] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5722] chdir("./file1") = 0 [pid 5722] ioctl(6, LOOP_CLR_FD) = 0 [pid 5722] close(6) = 0 [pid 5722] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5721] exit_group(0) = ? [pid 5723] <... futex resumed>) = ? [pid 5723] +++ exited with 0 +++ [pid 5722] +++ exited with 0 +++ [pid 5721] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5721, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./175", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./175", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./175/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./175/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./175/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./175/bus") = 0 umount2("./175/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./175/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./175/binderfs") = 0 umount2("./175/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./175/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./175/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./175/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./175/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./175/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./175") = 0 mkdir("./176", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 69.905960][ T5722] loop0: detected capacity change from 0 to 512 [ 69.918072][ T5722] EXT4-fs (loop0): 1 orphan inode deleted [ 69.924064][ T5722] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/175/file1 supports timestamps until 2038-01-19 (0x7fffffff) clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5726 attached , child_tidptr=0x555556eda690) = 5726 [pid 5726] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5726] chdir("./176") = 0 [pid 5726] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5726] setpgid(0, 0) = 0 [pid 5726] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5726] write(3, "1000", 4) = 4 [pid 5726] close(3) = 0 [pid 5726] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5726] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5726] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5726] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5726] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5726] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5726] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5726] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5727 attached => {parent_tid=[5727]}, 88) = 5727 [pid 5727] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5727] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5727] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5727] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5726] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5726] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5726] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5727] <... futex resumed>) = 0 [pid 5727] memfd_create("syzkaller", 0) = 3 [pid 5727] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d9e000 [pid 5727] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5727] munmap(0x7f81b2d9e000, 262144 [pid 5726] <... futex resumed>) = 0 [pid 5726] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5727] <... munmap resumed>) = 0 [pid 5726] <... mmap resumed>) = 0x7f81b2dbd000 [pid 5727] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5726] mprotect(0x7f81b2dbe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5727] <... openat resumed>) = 4 [pid 5726] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5727] ioctl(4, LOOP_SET_FD, 3 [pid 5726] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5726] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81b2ddd990, parent_tid=0x7f81b2ddd990, exit_signal=0, stack=0x7f81b2dbd000, stack_size=0x20300, tls=0x7f81b2ddd6c0}./strace-static-x86_64: Process 5728 attached [pid 5727] <... ioctl resumed>) = 0 [pid 5727] close(3) = 0 [pid 5727] mkdir("./file1", 0777 [pid 5728] rseq(0x7f81b2dddfe0, 0x20, 0, 0x53053053 [pid 5726] <... clone3 resumed> => {parent_tid=[5728]}, 88) = 5728 [pid 5728] <... rseq resumed>) = 0 [pid 5726] rt_sigprocmask(SIG_SETMASK, [], [pid 5728] set_robust_list(0x7f81b2ddd9a0, 24 [pid 5726] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5728] <... set_robust_list resumed>) = 0 [pid 5726] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5728] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5726] <... futex resumed>) = 0 [pid 5728] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5726] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5728] <... open resumed>) = 3 [pid 5727] <... mkdir resumed>) = 0 [pid 5728] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5727] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5728] <... futex resumed>) = 1 [pid 5726] <... futex resumed>) = 0 [pid 5726] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5728] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5726] <... futex resumed>) = 0 [pid 5726] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5728] <... mount resumed>) = 0 [pid 5728] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5726] <... futex resumed>) = 0 [pid 5728] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5726] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5728] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5726] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5728] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5728] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5726] <... futex resumed>) = 0 [pid 5728] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5726] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5728] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5726] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5728] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5727] <... mount resumed>) = 0 [pid 5727] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 6 [pid 5727] chdir("./file1") = 0 [pid 5727] ioctl(4, LOOP_CLR_FD) = 0 [pid 5727] close(4) = 0 [pid 5727] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5727] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5728] <... write resumed>) = 262144 [pid 5728] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5726] <... futex resumed>) = 0 [pid 5728] <... futex resumed>) = 1 [pid 5726] exit_group(0 [pid 5728] ???( [pid 5726] <... exit_group resumed>) = ? [pid 5728] <... ??? resumed>) = ? [pid 5727] <... futex resumed>) = ? [pid 5728] +++ exited with 0 +++ [pid 5727] +++ exited with 0 +++ [pid 5726] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5726, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./176", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./176", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./176/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./176/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./176/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./176/bus") = 0 umount2("./176/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./176/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./176/binderfs") = 0 [ 70.018528][ T5727] loop0: detected capacity change from 0 to 512 [ 70.038326][ T5727] EXT4-fs (loop0): 1 orphan inode deleted [ 70.044469][ T5727] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/176/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./176/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./176/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./176/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./176/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./176/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./176/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./176") = 0 mkdir("./177", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5731 attached [pid 5731] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5731] chdir("./177" [pid 5024] <... clone resumed>, child_tidptr=0x555556eda690) = 5731 [pid 5731] <... chdir resumed>) = 0 [pid 5731] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5731] setpgid(0, 0) = 0 [pid 5731] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5731] write(3, "1000", 4) = 4 [pid 5731] close(3) = 0 [pid 5731] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5731] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5731] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5731] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5731] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5731] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5731] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5731] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5732 attached [pid 5732] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5731] <... clone3 resumed> => {parent_tid=[5732]}, 88) = 5732 [pid 5731] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5731] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5731] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5731] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5731] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5732] <... rseq resumed>) = 0 [pid 5732] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5731] <... mprotect resumed>) = 0 [pid 5732] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5731] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5731] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5733 attached [pid 5732] memfd_create("syzkaller", 0 [pid 5731] <... clone3 resumed> => {parent_tid=[5733]}, 88) = 5733 [pid 5731] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5731] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5731] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5732] <... memfd_create resumed>) = 3 [pid 5733] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5732] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5733] <... rseq resumed>) = 0 [pid 5733] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5733] rt_sigprocmask(SIG_SETMASK, [], [pid 5732] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5733] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5733] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5732] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5733] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5731] <... futex resumed>) = 0 [pid 5731] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [ 70.082297][ T5024] EXT4-fs error (device loop0): __ext4_get_inode_loc:4379: comm syz-executor212: Invalid inode table block 0 in block_group 0 [ 70.103553][ T5024] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5752: Corrupt filesystem [ 70.113753][ T5024] EXT4-fs error (device loop0): ext4_quota_off:7131: inode #3: comm syz-executor212: mark_inode_dirty error [pid 5733] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5731] <... futex resumed>) = 0 [pid 5733] <... mount resumed>) = 0 [pid 5731] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5733] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5731] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5733] <... futex resumed>) = 0 [pid 5731] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5733] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5731] <... futex resumed>) = 0 [pid 5731] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5733] <... open resumed>) = 5 [pid 5733] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5731] <... futex resumed>) = 0 [pid 5733] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5731] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5733] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5731] <... futex resumed>) = 0 [pid 5732] <... write resumed>) = 262144 [pid 5731] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5733] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5731] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5733] <... futex resumed>) = 0 [pid 5733] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5732] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5732] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5732] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5732] close(3) = 0 [pid 5732] mkdir("./file1", 0777) = 0 [pid 5732] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5732] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5732] chdir("./file1") = 0 [pid 5732] ioctl(6, LOOP_CLR_FD) = 0 [pid 5732] close(6) = 0 [pid 5732] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5731] exit_group(0 [pid 5732] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5733] <... futex resumed>) = ? [pid 5732] <... futex resumed>) = ? [pid 5731] <... exit_group resumed>) = ? [pid 5733] +++ exited with 0 +++ [pid 5732] +++ exited with 0 +++ [pid 5731] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5731, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./177", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./177", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./177/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./177/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./177/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./177/bus") = 0 umount2("./177/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./177/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./177/binderfs") = 0 umount2("./177/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./177/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./177/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./177/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./177/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./177/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 [ 70.169389][ T5732] loop0: detected capacity change from 0 to 512 [ 70.188081][ T5732] EXT4-fs (loop0): 1 orphan inode deleted [ 70.194070][ T5732] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/177/file1 supports timestamps until 2038-01-19 (0x7fffffff) rmdir("./177") = 0 mkdir("./178", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5736 attached , child_tidptr=0x555556eda690) = 5736 [pid 5736] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5736] chdir("./178") = 0 [pid 5736] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5736] setpgid(0, 0) = 0 [pid 5736] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5736] write(3, "1000", 4) = 4 [pid 5736] close(3) = 0 [pid 5736] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5736] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5736] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5736] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5736] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5736] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5736] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5736] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0} => {parent_tid=[5737]}, 88) = 5737 [pid 5736] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5736] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5736] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5736] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5736] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5736] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5736] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5738 attached => {parent_tid=[5738]}, 88) = 5738 [pid 5738] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5736] rt_sigprocmask(SIG_SETMASK, [], [pid 5738] set_robust_list(0x7f81bb19d9a0, 24 [pid 5736] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5738] <... set_robust_list resumed>) = 0 [pid 5736] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5738] rt_sigprocmask(SIG_SETMASK, [], [pid 5736] <... futex resumed>) = 0 [pid 5738] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5736] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5738] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 3 [pid 5738] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5736] <... futex resumed>) = 0 [pid 5738] <... futex resumed>) = 1 [pid 5736] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5738] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5736] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5737 attached [pid 5738] <... mount resumed>) = 0 [pid 5736] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5737] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5737] set_robust_list(0x7f81bb1be9a0, 24 [pid 5738] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5737] <... set_robust_list resumed>) = 0 [pid 5736] <... futex resumed>) = 0 [pid 5737] rt_sigprocmask(SIG_SETMASK, [], [pid 5738] <... futex resumed>) = 1 [pid 5737] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5736] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5738] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5737] memfd_create("syzkaller", 0 [pid 5736] <... futex resumed>) = 0 [pid 5738] <... open resumed>) = 4 [pid 5737] <... memfd_create resumed>) = 5 [pid 5736] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5737] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5738] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5736] <... futex resumed>) = 0 [pid 5738] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5737] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5736] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5738] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5736] <... futex resumed>) = 0 [pid 5738] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5736] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5738] <... futex resumed>) = 0 [pid 5736] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5738] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5737] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5737] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5737] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5737] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 5737] close(5) = 0 [pid 5737] mkdir("./file1", 0777) = 0 [pid 5737] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5737] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 5 [pid 5737] chdir("./file1") = 0 [pid 5737] ioctl(6, LOOP_CLR_FD) = 0 [pid 5737] close(6) = 0 [pid 5737] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5737] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5736] exit_group(0) = ? [pid 5737] <... futex resumed>) = ? [pid 5737] +++ exited with 0 +++ [pid 5738] <... futex resumed>) = ? [pid 5738] +++ exited with 0 +++ [pid 5736] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5736, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./178", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./178", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./178/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./178/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./178/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./178/bus") = 0 umount2("./178/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./178/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./178/binderfs") = 0 umount2("./178/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./178/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./178/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./178/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./178/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./178/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./178") = 0 mkdir("./179", 0777) = 0 [ 70.277487][ T5737] loop0: detected capacity change from 0 to 512 [ 70.298342][ T5737] EXT4-fs (loop0): 1 orphan inode deleted [ 70.304409][ T5737] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/178/file1 supports timestamps until 2038-01-19 (0x7fffffff) openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5741 attached , child_tidptr=0x555556eda690) = 5741 [pid 5741] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5741] chdir("./179") = 0 [pid 5741] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5741] setpgid(0, 0) = 0 [pid 5741] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5741] write(3, "1000", 4) = 4 [pid 5741] close(3) = 0 [pid 5741] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5741] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5741] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5741] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5741] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5741] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5741] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5741] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5742 attached [pid 5742] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5741] <... clone3 resumed> => {parent_tid=[5742]}, 88) = 5742 [pid 5742] <... rseq resumed>) = 0 [pid 5742] set_robust_list(0x7f81bb1be9a0, 24 [pid 5741] rt_sigprocmask(SIG_SETMASK, [], [pid 5742] <... set_robust_list resumed>) = 0 [pid 5742] rt_sigprocmask(SIG_SETMASK, [], [pid 5741] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5742] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5741] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5742] memfd_create("syzkaller", 0 [pid 5741] <... futex resumed>) = 0 [pid 5741] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5742] <... memfd_create resumed>) = 3 [pid 5741] <... futex resumed>) = 0 [pid 5741] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5742] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5741] <... mmap resumed>) = 0x7f81bb17d000 [pid 5742] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5741] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5742] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5741] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5741] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5743 attached => {parent_tid=[5743]}, 88) = 5743 [pid 5741] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5743] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5741] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5743] <... rseq resumed>) = 0 [pid 5741] <... futex resumed>) = 0 [pid 5743] set_robust_list(0x7f81bb19d9a0, 24 [pid 5741] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5743] <... set_robust_list resumed>) = 0 [pid 5743] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5743] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5742] <... write resumed>) = 262144 [pid 5742] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5742] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5743] <... open resumed>) = 4 [pid 5742] <... openat resumed>) = 5 [pid 5742] ioctl(5, LOOP_SET_FD, 3 [pid 5743] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5743] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5741] <... futex resumed>) = 0 [pid 5741] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5743] <... futex resumed>) = 0 [pid 5743] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5741] <... futex resumed>) = 1 [pid 5741] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5743] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5741] <... futex resumed>) = 0 [pid 5741] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5743] <... futex resumed>) = 1 [pid 5743] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5741] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5743] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5741] <... futex resumed>) = 0 [pid 5743] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5741] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5741] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5742] <... ioctl resumed>) = 0 [pid 5742] close(3) = 0 [pid 5742] mkdir("./file1", 0777) = 0 [pid 5742] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5743] <... write resumed>) = 262144 [pid 5743] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5743] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5741] <... futex resumed>) = 0 [pid 5742] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5742] ioctl(5, LOOP_CLR_FD) = 0 [pid 5742] close(5) = 0 [pid 5742] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5742] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5741] exit_group(0 [pid 5743] <... futex resumed>) = ? [pid 5742] <... futex resumed>) = ? [pid 5741] <... exit_group resumed>) = ? [pid 5743] +++ exited with 0 +++ [pid 5742] +++ exited with 0 +++ [pid 5741] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5741, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./179", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./179", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./179/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./179/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./179/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./179/bus") = 0 umount2("./179/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./179/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./179/binderfs") = 0 umount2("./179/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./179/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./179/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./179/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./179/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./179") = 0 mkdir("./180", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5744 attached , child_tidptr=0x555556eda690) = 5744 [pid 5744] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5744] chdir("./180") = 0 [pid 5744] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5744] setpgid(0, 0) = 0 [pid 5744] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5744] write(3, "1000", 4) = 4 [pid 5744] close(3) = 0 [pid 5744] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5744] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5744] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5744] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5744] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5744] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5744] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5744] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5745 attached [pid 5745] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5744] <... clone3 resumed> => {parent_tid=[5745]}, 88) = 5745 [pid 5745] set_robust_list(0x7f81bb1be9a0, 24 [pid 5744] rt_sigprocmask(SIG_SETMASK, [], [pid 5745] <... set_robust_list resumed>) = 0 [pid 5744] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5745] rt_sigprocmask(SIG_SETMASK, [], [pid 5744] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5745] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5744] <... futex resumed>) = 0 [pid 5745] memfd_create("syzkaller", 0 [pid 5744] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5744] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5745] <... memfd_create resumed>) = 3 [pid 5745] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5744] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5745] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5744] <... mprotect resumed>) = 0 [pid 5745] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5744] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5744] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5746]}, 88) = 5746 [pid 5744] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5744] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5744] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5746 attached [pid 5746] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5746] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5746] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5746] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5745] <... write resumed>) = 262144 [pid 5746] <... open resumed>) = 4 [pid 5746] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5746] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5744] <... futex resumed>) = 0 [pid 5744] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5746] <... futex resumed>) = 0 [pid 5744] <... futex resumed>) = 1 [pid 5746] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5744] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5746] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5744] <... futex resumed>) = 0 [pid 5744] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5744] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5746] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5746] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5744] <... futex resumed>) = 0 [pid 5744] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5744] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5746] <... futex resumed>) = 1 [pid 5746] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5746] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5745] munmap(0x7f81b2d7d000, 262144 [pid 5744] <... futex resumed>) = 0 [pid 5746] <... futex resumed>) = 1 [pid 5746] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5745] <... munmap resumed>) = 0 [pid 5745] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 70.397226][ T5742] loop0: detected capacity change from 0 to 512 [ 70.413775][ T5742] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5745] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5745] close(3) = 0 [pid 5745] mkdir("./file1", 0777) = 0 [pid 5745] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5745] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5745] chdir("./file1") = 0 [pid 5745] ioctl(6, LOOP_CLR_FD) = 0 [pid 5745] close(6) = 0 [pid 5745] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5745] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5744] exit_group(0 [pid 5745] <... futex resumed>) = ? [pid 5745] +++ exited with 0 +++ [pid 5746] <... futex resumed>) = ? [pid 5746] +++ exited with 0 +++ [pid 5744] <... exit_group resumed>) = ? [pid 5744] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5744, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./180", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./180", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 [ 70.455585][ T5745] loop0: detected capacity change from 0 to 512 [ 70.471923][ T5745] EXT4-fs (loop0): 1 orphan inode deleted [ 70.478305][ T5745] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/180/file1 supports timestamps until 2038-01-19 (0x7fffffff) umount2("./180/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./180/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./180/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./180/bus") = 0 umount2("./180/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./180/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./180/binderfs") = 0 umount2("./180/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./180/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./180/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./180/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./180/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./180/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./180") = 0 mkdir("./181", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5749 attached , child_tidptr=0x555556eda690) = 5749 [pid 5749] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5749] chdir("./181") = 0 [pid 5749] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5749] setpgid(0, 0) = 0 [pid 5749] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5749] write(3, "1000", 4) = 4 [pid 5749] close(3) = 0 [pid 5749] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5749] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5749] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5749] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5749] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5749] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5749] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5749] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0} => {parent_tid=[5750]}, 88) = 5750 ./strace-static-x86_64: Process 5750 attached [pid 5749] rt_sigprocmask(SIG_SETMASK, [], [pid 5750] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5749] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5750] <... rseq resumed>) = 0 [pid 5749] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5750] set_robust_list(0x7f81bb1be9a0, 24 [pid 5749] <... futex resumed>) = 0 [pid 5750] <... set_robust_list resumed>) = 0 [pid 5749] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5750] rt_sigprocmask(SIG_SETMASK, [], [pid 5749] <... futex resumed>) = 0 [pid 5750] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5749] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5750] memfd_create("syzkaller", 0) = 3 [pid 5749] <... mmap resumed>) = 0x7f81bb17d000 [pid 5750] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5749] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5750] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5749] <... mprotect resumed>) = 0 [pid 5749] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5749] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5751 attached [pid 5750] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5749] <... clone3 resumed> => {parent_tid=[5751]}, 88) = 5751 [pid 5751] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5749] rt_sigprocmask(SIG_SETMASK, [], [pid 5751] <... rseq resumed>) = 0 [pid 5751] set_robust_list(0x7f81bb19d9a0, 24 [pid 5749] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5751] <... set_robust_list resumed>) = 0 [pid 5749] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5751] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5749] <... futex resumed>) = 0 [pid 5751] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5749] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5750] <... write resumed>) = 262144 [pid 5750] munmap(0x7f81b2d7d000, 262144 [pid 5751] <... open resumed>) = 4 [pid 5750] <... munmap resumed>) = 0 [pid 5750] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5751] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5750] <... openat resumed>) = 5 [pid 5750] ioctl(5, LOOP_SET_FD, 3 [pid 5751] <... futex resumed>) = 1 [pid 5751] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5749] <... futex resumed>) = 0 [pid 5749] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5751] <... futex resumed>) = 0 [pid 5751] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5749] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5751] <... mount resumed>) = 0 [pid 5751] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5749] <... futex resumed>) = 0 [pid 5751] <... futex resumed>) = 1 [pid 5749] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5751] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5749] <... futex resumed>) = 0 [pid 5749] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5751] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5749] <... futex resumed>) = 0 [pid 5751] <... futex resumed>) = 1 [pid 5751] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5749] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5751] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5749] <... futex resumed>) = 0 [pid 5749] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5750] <... ioctl resumed>) = 0 [pid 5750] close(3) = 0 [pid 5750] mkdir("./file1", 0777) = 0 [pid 5750] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5751] <... write resumed>) = 262144 [pid 5751] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5749] <... futex resumed>) = 0 [pid 5751] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5750] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5750] ioctl(5, LOOP_CLR_FD) = 0 [pid 5750] close(5) = 0 [pid 5750] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5750] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5749] exit_group(0 [pid 5751] <... futex resumed>) = ? [pid 5751] +++ exited with 0 +++ [pid 5749] <... exit_group resumed>) = ? [pid 5750] <... futex resumed>) = ? [pid 5750] +++ exited with 0 +++ [pid 5749] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5749, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./181", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./181", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./181/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./181/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./181/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./181/bus") = 0 umount2("./181/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./181/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./181/binderfs") = 0 umount2("./181/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./181/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./181/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./181/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./181/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./181") = 0 mkdir("./182", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5752 ./strace-static-x86_64: Process 5752 attached [pid 5752] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5752] chdir("./182") = 0 [pid 5752] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5752] setpgid(0, 0) = 0 [ 70.584256][ T5750] loop0: detected capacity change from 0 to 512 [ 70.599977][ T5750] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5752] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5752] write(3, "1000", 4) = 4 [pid 5752] close(3) = 0 [pid 5752] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5752] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5752] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5752] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5752] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5752] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5752] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5752] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0} => {parent_tid=[5753]}, 88) = 5753 [pid 5752] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5753 attached [pid 5753] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5753] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5753] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5753] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5752] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5753] <... futex resumed>) = 0 [pid 5752] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5753] memfd_create("syzkaller", 0 [pid 5752] <... futex resumed>) = 0 [pid 5753] <... memfd_create resumed>) = 3 [pid 5752] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5753] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5752] <... mmap resumed>) = 0x7f81bb17d000 [pid 5753] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5752] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5752] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5752] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5754 attached => {parent_tid=[5754]}, 88) = 5754 [pid 5752] rt_sigprocmask(SIG_SETMASK, [], [pid 5754] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5753] <... write resumed>) = 262144 [pid 5752] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5754] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5753] munmap(0x7f81b2d7d000, 262144 [pid 5752] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5754] rt_sigprocmask(SIG_SETMASK, [], [pid 5752] <... futex resumed>) = 0 [pid 5754] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5754] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5753] <... munmap resumed>) = 0 [pid 5752] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5753] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5754] <... open resumed>) = 4 [pid 5753] <... openat resumed>) = 5 [pid 5753] ioctl(5, LOOP_SET_FD, 3 [pid 5754] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5752] <... futex resumed>) = 0 [pid 5754] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5753] <... ioctl resumed>) = 0 [pid 5753] close(3) = 0 [pid 5753] mkdir("./file1", 0777) = 0 [pid 5753] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5752] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5754] <... futex resumed>) = 0 [pid 5752] <... futex resumed>) = 1 [pid 5754] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5752] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5754] <... mount resumed>) = 0 [pid 5754] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5752] <... futex resumed>) = 0 [pid 5754] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5752] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5754] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5752] <... futex resumed>) = 0 [pid 5754] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5752] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5754] <... open resumed>) = 3 [pid 5754] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5752] <... futex resumed>) = 0 [pid 5754] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5752] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5754] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5752] <... futex resumed>) = 0 [pid 5752] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5754] <... write resumed>) = 262144 [pid 5754] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5752] <... futex resumed>) = 0 [pid 5754] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5753] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5753] ioctl(5, LOOP_CLR_FD) = 0 [pid 5753] close(5) = 0 [pid 5753] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5752] exit_group(0) = ? [pid 5754] <... futex resumed>) = ? [pid 5754] +++ exited with 0 +++ [pid 5753] <... futex resumed>) = ? [pid 5753] +++ exited with 0 +++ [pid 5752] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5752, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./182", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./182", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./182/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./182/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./182/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./182/bus") = 0 umount2("./182/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./182/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./182/binderfs") = 0 umount2("./182/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./182/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./182/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./182/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./182/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./182") = 0 mkdir("./183", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5755 attached , child_tidptr=0x555556eda690) = 5755 [pid 5755] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5755] chdir("./183") = 0 [pid 5755] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5755] setpgid(0, 0) = 0 [pid 5755] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5755] write(3, "1000", 4) = 4 [pid 5755] close(3) = 0 [pid 5755] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5755] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5755] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5755] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5755] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5755] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5755] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5755] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5756 attached => {parent_tid=[5756]}, 88) = 5756 [pid 5756] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5755] rt_sigprocmask(SIG_SETMASK, [], [pid 5756] <... rseq resumed>) = 0 [pid 5756] set_robust_list(0x7f81bb1be9a0, 24 [pid 5755] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5756] <... set_robust_list resumed>) = 0 [pid 5755] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5756] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5755] <... futex resumed>) = 0 [pid 5755] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5756] memfd_create("syzkaller", 0 [pid 5755] <... futex resumed>) = 0 [pid 5756] <... memfd_create resumed>) = 3 [pid 5755] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5756] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5755] <... mmap resumed>) = 0x7f81bb17d000 [pid 5755] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5755] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5756] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5755] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5757 attached => {parent_tid=[5757]}, 88) = 5757 [pid 5757] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5755] rt_sigprocmask(SIG_SETMASK, [], [pid 5757] <... rseq resumed>) = 0 [ 70.667584][ T5753] loop0: detected capacity change from 0 to 512 [ 70.685050][ T5753] EXT4-fs warning (device loop0): read_mmp_block:115: Error -117 while reading MMP block 8 [pid 5757] set_robust_list(0x7f81bb19d9a0, 24 [pid 5755] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5757] <... set_robust_list resumed>) = 0 [pid 5755] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5757] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5757] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5755] <... futex resumed>) = 0 [pid 5755] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5757] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5756] <... write resumed>) = 262144 [pid 5756] munmap(0x7f81b2d7d000, 262144 [pid 5755] <... futex resumed>) = 0 [pid 5755] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5755] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5757] <... futex resumed>) = 1 [pid 5757] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5757] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5757] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5756] <... munmap resumed>) = 0 [pid 5756] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5755] <... futex resumed>) = 0 [pid 5755] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5757] <... futex resumed>) = 0 [pid 5756] <... openat resumed>) = 5 [pid 5756] ioctl(5, LOOP_SET_FD, 3 [pid 5757] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5757] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5755] <... futex resumed>) = 1 [pid 5757] <... futex resumed>) = 0 [pid 5755] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5757] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5755] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5755] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5757] <... futex resumed>) = 0 [pid 5757] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5755] <... futex resumed>) = 1 [pid 5757] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5755] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5757] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5755] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5757] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5756] <... ioctl resumed>) = 0 [pid 5756] close(3) = 0 [pid 5756] mkdir("./file1", 0777) = 0 [pid 5756] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5756] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5756] chdir("./file1") = 0 [pid 5756] ioctl(5, LOOP_CLR_FD) = 0 [pid 5756] close(5) = 0 [pid 5756] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5756] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5755] exit_group(0) = ? [pid 5757] <... futex resumed>) = ? [pid 5757] +++ exited with 0 +++ [pid 5756] <... futex resumed>) = ? [pid 5756] +++ exited with 0 +++ [pid 5755] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5755, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./183", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./183", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./183/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./183/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./183/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./183/bus") = 0 umount2("./183/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./183/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./183/binderfs") = 0 umount2("./183/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./183/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./183/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./183/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./183/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./183/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./183") = 0 mkdir("./184", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5760 ./strace-static-x86_64: Process 5760 attached [pid 5760] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5760] chdir("./184") = 0 [pid 5760] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5760] setpgid(0, 0) = 0 [ 70.754517][ T5756] loop0: detected capacity change from 0 to 512 [ 70.768116][ T5756] EXT4-fs (loop0): 1 orphan inode deleted [ 70.774066][ T5756] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/183/file1 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5760] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5760] write(3, "1000", 4) = 4 [pid 5760] close(3) = 0 [pid 5760] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5760] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5760] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5760] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5760] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5760] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5760] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5760] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5761 attached [pid 5761] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5760] <... clone3 resumed> => {parent_tid=[5761]}, 88) = 5761 [pid 5761] set_robust_list(0x7f81bb1be9a0, 24 [pid 5760] rt_sigprocmask(SIG_SETMASK, [], [pid 5761] <... set_robust_list resumed>) = 0 [pid 5761] rt_sigprocmask(SIG_SETMASK, [], [pid 5760] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5761] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5760] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5761] memfd_create("syzkaller", 0 [pid 5760] <... futex resumed>) = 0 [pid 5760] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5760] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5761] <... memfd_create resumed>) = 3 [pid 5760] <... mmap resumed>) = 0x7f81bb17d000 [pid 5761] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5761] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5760] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5760] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5760] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5762 attached => {parent_tid=[5762]}, 88) = 5762 [pid 5760] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5762] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5761] <... write resumed>) = 262144 [pid 5760] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5760] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5761] munmap(0x7f81b2d7d000, 262144 [pid 5762] <... rseq resumed>) = 0 [pid 5762] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5762] rt_sigprocmask(SIG_SETMASK, [], [pid 5761] <... munmap resumed>) = 0 [pid 5761] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5762] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5761] <... openat resumed>) = 4 [pid 5761] ioctl(4, LOOP_SET_FD, 3 [pid 5762] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5761] <... ioctl resumed>) = 0 [pid 5762] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5761] close(3) = 0 [pid 5761] mkdir("./file1", 0777 [pid 5762] <... futex resumed>) = 1 [pid 5760] <... futex resumed>) = 0 [pid 5760] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5760] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5762] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5761] <... mkdir resumed>) = 0 [pid 5761] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5762] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5760] <... futex resumed>) = 0 [pid 5760] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5760] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5762] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 3 [pid 5762] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5760] <... futex resumed>) = 0 [pid 5760] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5760] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5762] <... futex resumed>) = 1 [pid 5762] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 5762] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5760] <... futex resumed>) = 0 [pid 5762] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5761] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5761] ioctl(4, LOOP_CLR_FD) = 0 [pid 5761] close(4) = 0 [pid 5761] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5761] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5760] exit_group(0) = ? [pid 5762] <... futex resumed>) = ? [pid 5762] +++ exited with 0 +++ [pid 5761] <... futex resumed>) = ? [pid 5761] +++ exited with 0 +++ [pid 5760] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5760, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./184", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./184", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./184/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./184/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./184/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./184/bus") = 0 umount2("./184/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./184/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./184/binderfs") = 0 umount2("./184/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./184/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./184/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./184/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./184/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./184") = 0 mkdir("./185", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5763 attached , child_tidptr=0x555556eda690) = 5763 [pid 5763] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5763] chdir("./185") = 0 [pid 5763] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5763] setpgid(0, 0) = 0 [pid 5763] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5763] write(3, "1000", 4) = 4 [pid 5763] close(3) = 0 [pid 5763] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5763] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5763] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5763] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5763] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5763] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5763] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5763] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5764 attached => {parent_tid=[5764]}, 88) = 5764 [pid 5764] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5764] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5764] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5763] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5763] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5763] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5763] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5764] memfd_create("syzkaller", 0 [pid 5763] <... mmap resumed>) = 0x7f81bb17d000 [pid 5763] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5763] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5764] <... memfd_create resumed>) = 3 [pid 5763] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5764] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [ 70.853016][ T5761] loop0: detected capacity change from 0 to 512 [ 70.875322][ T5761] EXT4-fs warning (device loop0): read_mmp_block:115: Error -117 while reading MMP block 8 [pid 5763] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5765 attached [pid 5764] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5765] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5763] <... clone3 resumed> => {parent_tid=[5765]}, 88) = 5765 [pid 5764] <... write resumed>) = 262144 [pid 5764] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5764] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5764] ioctl(4, LOOP_SET_FD, 3 [pid 5765] <... rseq resumed>) = 0 [pid 5763] rt_sigprocmask(SIG_SETMASK, [], [pid 5764] <... ioctl resumed>) = 0 [pid 5764] close(3) = 0 [pid 5764] mkdir("./file1", 0777 [pid 5765] set_robust_list(0x7f81bb19d9a0, 24 [pid 5763] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5765] <... set_robust_list resumed>) = 0 [pid 5763] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5765] rt_sigprocmask(SIG_SETMASK, [], [pid 5763] <... futex resumed>) = 0 [pid 5763] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5765] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5765] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5764] <... mkdir resumed>) = 0 [pid 5764] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5765] <... open resumed>) = 3 [pid 5765] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5763] <... futex resumed>) = 0 [pid 5765] <... futex resumed>) = 1 [pid 5763] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5765] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5763] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5765] <... mount resumed>) = 0 [pid 5765] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5763] <... futex resumed>) = 0 [pid 5765] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5763] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5765] <... futex resumed>) = 0 [pid 5763] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5765] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5765] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5763] <... futex resumed>) = 0 [pid 5765] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5763] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5765] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5763] <... futex resumed>) = 0 [pid 5765] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5763] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5765] <... write resumed>) = 262144 [pid 5765] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5765] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5763] <... futex resumed>) = 0 [pid 5764] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5764] ioctl(4, LOOP_CLR_FD) = 0 [pid 5764] close(4) = 0 [pid 5764] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5764] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5763] exit_group(0 [pid 5765] <... futex resumed>) = ? [pid 5764] <... futex resumed>) = ? [pid 5763] <... exit_group resumed>) = ? [pid 5765] +++ exited with 0 +++ [pid 5764] +++ exited with 0 +++ [pid 5763] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5763, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./185", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./185", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./185/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./185/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./185/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./185/bus") = 0 [ 70.941388][ T5764] loop0: detected capacity change from 0 to 512 [ 70.956052][ T5766] EXT4-fs warning (device loop0): kmmpd:168: kmmpd being stopped since MMP feature has been disabled. [ 70.956123][ T5764] EXT4-fs error (device loop0): __ext4_get_inode_loc:4379: comm syz-executor212: Invalid inode table block 0 in block_group 0 [ 70.970100][ T5764] EXT4-fs (loop0): get root inode failed [ 70.986083][ T5764] EXT4-fs (loop0): mount failed umount2("./185/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./185/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./185/binderfs") = 0 umount2("./185/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./185/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./185/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./185/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./185/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./185") = 0 mkdir("./186", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5768 attached , child_tidptr=0x555556eda690) = 5768 [pid 5768] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5768] chdir("./186") = 0 [pid 5768] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5768] setpgid(0, 0) = 0 [pid 5768] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5768] write(3, "1000", 4) = 4 [pid 5768] close(3) = 0 [pid 5768] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5768] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5768] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5768] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5768] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5768] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5768] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5768] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5769 attached [pid 5769] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5769] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5769] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5769] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5768] <... clone3 resumed> => {parent_tid=[5769]}, 88) = 5769 [pid 5768] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5768] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5769] <... futex resumed>) = 0 [pid 5768] <... futex resumed>) = 1 [pid 5769] memfd_create("syzkaller", 0) = 3 [pid 5769] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d9e000 [pid 5768] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5769] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5768] <... futex resumed>) = 0 [pid 5768] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81b2d7d000 [pid 5768] mprotect(0x7f81b2d7e000, 131072, PROT_READ|PROT_WRITE [pid 5769] <... write resumed>) = 262144 [pid 5768] <... mprotect resumed>) = 0 [pid 5769] munmap(0x7f81b2d9e000, 262144 [pid 5768] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5769] <... munmap resumed>) = 0 [pid 5768] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5768] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81b2d9d990, parent_tid=0x7f81b2d9d990, exit_signal=0, stack=0x7f81b2d7d000, stack_size=0x20300, tls=0x7f81b2d9d6c0}./strace-static-x86_64: Process 5770 attached [pid 5770] rseq(0x7f81b2d9dfe0, 0x20, 0, 0x53053053) = 0 [pid 5768] <... clone3 resumed> => {parent_tid=[5770]}, 88) = 5770 [pid 5770] set_robust_list(0x7f81b2d9d9a0, 24) = 0 [pid 5769] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5768] rt_sigprocmask(SIG_SETMASK, [], [pid 5770] rt_sigprocmask(SIG_SETMASK, [], [pid 5769] <... openat resumed>) = 4 [pid 5768] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5770] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5770] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5769] ioctl(4, LOOP_SET_FD, 3 [pid 5768] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5770] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5768] <... futex resumed>) = 0 [pid 5770] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5768] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5770] <... open resumed>) = 5 [pid 5769] <... ioctl resumed>) = 0 [pid 5769] close(3) = 0 [pid 5769] mkdir("./file1", 0777 [pid 5770] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5768] <... futex resumed>) = 0 [pid 5768] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5768] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5770] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5770] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5769] <... mkdir resumed>) = 0 [pid 5769] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5770] <... futex resumed>) = 1 [pid 5768] <... futex resumed>) = 0 [pid 5768] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5768] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5770] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 3 [pid 5770] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5768] <... futex resumed>) = 0 [pid 5768] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5768] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5770] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 5770] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5770] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5768] <... futex resumed>) = 0 [pid 5769] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5769] ioctl(4, LOOP_CLR_FD) = 0 [pid 5769] close(4) = 0 [pid 5769] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5768] exit_group(0 [pid 5770] <... futex resumed>) = ? [pid 5768] <... exit_group resumed>) = ? [pid 5770] +++ exited with 0 +++ [pid 5769] +++ exited with 0 +++ [pid 5768] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5768, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./186", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./186", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./186/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./186/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./186/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./186/bus") = 0 umount2("./186/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./186/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./186/binderfs") = 0 umount2("./186/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./186/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./186/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./186/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./186/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./186") = 0 mkdir("./187", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5771 attached , child_tidptr=0x555556eda690) = 5771 [pid 5771] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5771] chdir("./187") = 0 [pid 5771] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5771] setpgid(0, 0) = 0 [pid 5771] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5771] write(3, "1000", 4) = 4 [pid 5771] close(3) = 0 [pid 5771] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5771] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5771] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5771] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5771] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5771] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5771] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5771] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5772 attached [pid 5772] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5772] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5772] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5772] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5771] <... clone3 resumed> => {parent_tid=[5772]}, 88) = 5772 [pid 5771] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5771] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5772] <... futex resumed>) = 0 [pid 5771] <... futex resumed>) = 1 [pid 5772] memfd_create("syzkaller", 0 [pid 5771] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5771] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5772] <... memfd_create resumed>) = 3 [pid 5772] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5771] <... mmap resumed>) = 0x7f81bb17d000 [ 71.070481][ T5769] loop0: detected capacity change from 0 to 512 [ 71.085267][ T5769] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 71.095272][ T5769] EXT4-fs (loop0): group descriptors corrupted! [pid 5771] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5771] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5772] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5771] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5773]}, 88) = 5773 [pid 5771] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5771] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5771] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5773 attached [pid 5773] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5773] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5773] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5773] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5772] <... write resumed>) = 262144 [pid 5773] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5771] <... futex resumed>) = 0 [pid 5772] munmap(0x7f81b2d7d000, 262144 [pid 5771] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5771] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5773] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5772] <... munmap resumed>) = 0 [pid 5772] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5772] ioctl(5, LOOP_SET_FD, 3 [pid 5773] <... mount resumed>) = 0 [pid 5773] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5771] <... futex resumed>) = 0 [pid 5773] <... futex resumed>) = 1 [pid 5771] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5773] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5771] <... futex resumed>) = 0 [pid 5773] <... open resumed>) = 6 [pid 5771] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5773] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5771] <... futex resumed>) = 0 [pid 5771] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5773] <... futex resumed>) = 1 [pid 5771] <... futex resumed>) = 0 [pid 5773] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5771] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5772] <... ioctl resumed>) = 0 [pid 5772] close(3) = 0 [pid 5772] mkdir("./file1", 0777) = 0 [pid 5772] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5773] <... write resumed>) = -1 EIO (Input/output error) [pid 5773] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5771] <... futex resumed>) = 0 [pid 5773] <... futex resumed>) = 1 [pid 5773] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5772] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5772] ioctl(5, LOOP_CLR_FD) = 0 [pid 5772] close(5) = 0 [pid 5772] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5772] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5771] exit_group(0 [pid 5773] <... futex resumed>) = ? [pid 5773] +++ exited with 0 +++ [pid 5772] <... futex resumed>) = ? [pid 5771] <... exit_group resumed>) = ? [pid 5772] +++ exited with 0 +++ [pid 5771] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5771, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./187", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./187", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./187/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./187/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./187/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./187/bus") = 0 umount2("./187/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./187/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./187/binderfs") = 0 umount2("./187/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./187/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./187/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./187/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./187/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./187") = 0 mkdir("./188", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5774 attached , child_tidptr=0x555556eda690) = 5774 [pid 5774] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5774] chdir("./188") = 0 [pid 5774] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5774] setpgid(0, 0) = 0 [pid 5774] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5774] write(3, "1000", 4) = 4 [pid 5774] close(3) = 0 [pid 5774] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5774] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5774] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5774] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5774] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5774] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5774] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 71.158470][ T5772] loop0: detected capacity change from 0 to 512 [ 71.163024][ T5773] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 71.174576][ T5773] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 71.188575][ T5772] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5774] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5775 attached [pid 5775] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5774] <... clone3 resumed> => {parent_tid=[5775]}, 88) = 5775 [pid 5775] <... rseq resumed>) = 0 [pid 5774] rt_sigprocmask(SIG_SETMASK, [], [pid 5775] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5774] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5775] rt_sigprocmask(SIG_SETMASK, [], [pid 5774] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5775] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5774] <... futex resumed>) = 0 [pid 5775] memfd_create("syzkaller", 0 [pid 5774] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5774] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5775] <... memfd_create resumed>) = 3 [pid 5774] <... mmap resumed>) = 0x7f81bb17d000 [pid 5775] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5774] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5775] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5774] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5774] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5776]}, 88) = 5776 [pid 5774] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5774] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5774] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5776 attached [pid 5776] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5776] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5776] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5776] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5775] <... write resumed>) = 262144 [pid 5776] <... open resumed>) = 4 [pid 5776] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5775] munmap(0x7f81b2d7d000, 262144 [pid 5776] <... futex resumed>) = 1 [pid 5776] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5775] <... munmap resumed>) = 0 [pid 5774] <... futex resumed>) = 0 [pid 5775] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5774] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5776] <... futex resumed>) = 0 [pid 5775] <... openat resumed>) = 5 [pid 5774] <... futex resumed>) = 1 [pid 5776] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5775] ioctl(5, LOOP_SET_FD, 3 [pid 5774] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5776] <... mount resumed>) = 0 [pid 5776] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5775] <... ioctl resumed>) = 0 [pid 5775] close(3) = 0 [pid 5775] mkdir("./file1", 0777) = 0 [pid 5775] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5776] <... futex resumed>) = 1 [pid 5774] <... futex resumed>) = 0 [pid 5774] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5774] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5776] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 3 [pid 5776] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5774] <... futex resumed>) = 0 [pid 5774] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5776] <... futex resumed>) = 1 [pid 5774] <... futex resumed>) = 0 [pid 5776] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5774] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5776] <... write resumed>) = 262144 [pid 5776] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5776] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5774] <... futex resumed>) = 0 [pid 5775] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5775] ioctl(5, LOOP_CLR_FD) = 0 [pid 5775] close(5) = 0 [pid 5775] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5775] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5774] exit_group(0 [pid 5776] <... futex resumed>) = ? [pid 5776] +++ exited with 0 +++ [pid 5774] <... exit_group resumed>) = ? [pid 5775] <... futex resumed>) = ? [pid 5775] +++ exited with 0 +++ [pid 5774] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5774, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./188", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./188", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./188/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./188/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./188/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./188/bus") = 0 umount2("./188/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./188/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./188/binderfs") = 0 umount2("./188/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./188/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./188/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./188/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./188/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./188") = 0 mkdir("./189", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5777 ./strace-static-x86_64: Process 5777 attached [pid 5777] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5777] chdir("./189") = 0 [pid 5777] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5777] setpgid(0, 0) = 0 [pid 5777] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5777] write(3, "1000", 4) = 4 [pid 5777] close(3) = 0 [ 71.247005][ T5775] loop0: detected capacity change from 0 to 512 [ 71.265476][ T5775] EXT4-fs warning (device loop0): read_mmp_block:115: Error -117 while reading MMP block 8 [pid 5777] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5777] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5777] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5777] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5777] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5777] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5777] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5777] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5778 attached [pid 5778] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5777] <... clone3 resumed> => {parent_tid=[5778]}, 88) = 5778 [pid 5778] <... rseq resumed>) = 0 [pid 5777] rt_sigprocmask(SIG_SETMASK, [], [pid 5778] set_robust_list(0x7f81bb1be9a0, 24 [pid 5777] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5778] <... set_robust_list resumed>) = 0 [pid 5777] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5778] rt_sigprocmask(SIG_SETMASK, [], [pid 5777] <... futex resumed>) = 0 [pid 5778] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5777] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5778] memfd_create("syzkaller", 0 [pid 5777] <... futex resumed>) = 0 [pid 5778] <... memfd_create resumed>) = 3 [pid 5777] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5777] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5777] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5777] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5779 attached => {parent_tid=[5779]}, 88) = 5779 [pid 5779] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5778] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5777] rt_sigprocmask(SIG_SETMASK, [], [pid 5779] set_robust_list(0x7f81bb19d9a0, 24 [pid 5778] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5779] <... set_robust_list resumed>) = 0 [pid 5777] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5779] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5779] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5778] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5777] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5779] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5779] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5777] <... futex resumed>) = 0 [pid 5777] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5778] <... write resumed>) = 262144 [pid 5778] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5778] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5778] ioctl(5, LOOP_SET_FD, 3 [pid 5779] <... open resumed>) = 4 [pid 5779] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5779] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5777] <... futex resumed>) = 0 [pid 5777] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5777] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5779] <... futex resumed>) = 0 [pid 5779] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5779] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5777] <... futex resumed>) = 0 [pid 5779] <... futex resumed>) = 1 [pid 5777] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5779] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5777] <... futex resumed>) = 0 [pid 5779] <... open resumed>) = 6 [pid 5778] <... ioctl resumed>) = 0 [pid 5777] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5778] close(3) = 0 [pid 5779] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5778] mkdir("./file1", 0777 [pid 5779] <... futex resumed>) = 1 [pid 5779] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5778] <... mkdir resumed>) = 0 [pid 5777] <... futex resumed>) = 0 [pid 5778] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5777] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5779] <... futex resumed>) = 0 [pid 5777] <... futex resumed>) = 1 [pid 5777] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5779] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 5779] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5779] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5777] <... futex resumed>) = 0 [pid 5778] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5778] ioctl(5, LOOP_CLR_FD) = 0 [pid 5778] close(5) = 0 [pid 5778] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5778] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5777] exit_group(0 [pid 5779] <... futex resumed>) = ? [pid 5777] <... exit_group resumed>) = ? [pid 5779] +++ exited with 0 +++ [pid 5778] <... futex resumed>) = ? [pid 5778] +++ exited with 0 +++ [pid 5777] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5777, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./189", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./189", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./189/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./189/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./189/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./189/bus") = 0 umount2("./189/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./189/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./189/binderfs") = 0 umount2("./189/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./189/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./189/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./189/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./189/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./189") = 0 mkdir("./190", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 71.341128][ T5778] loop0: detected capacity change from 0 to 512 [ 71.356271][ T5778] EXT4-fs warning (device loop0): read_mmp_block:115: Error -117 while reading MMP block 8 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5780 ./strace-static-x86_64: Process 5780 attached [pid 5780] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5780] chdir("./190") = 0 [pid 5780] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5780] setpgid(0, 0) = 0 [pid 5780] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5780] write(3, "1000", 4) = 4 [pid 5780] close(3) = 0 [pid 5780] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5780] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5780] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5780] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5780] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5780] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5780] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5780] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5781 attached => {parent_tid=[5781]}, 88) = 5781 [pid 5780] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5780] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5781] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5780] <... futex resumed>) = 0 [pid 5781] <... rseq resumed>) = 0 [pid 5781] set_robust_list(0x7f81bb1be9a0, 24 [pid 5780] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5781] <... set_robust_list resumed>) = 0 [pid 5781] rt_sigprocmask(SIG_SETMASK, [], [pid 5780] <... futex resumed>) = 0 [pid 5781] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5781] memfd_create("syzkaller", 0 [pid 5780] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5781] <... memfd_create resumed>) = 3 [pid 5780] <... mmap resumed>) = 0x7f81bb17d000 [pid 5781] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5780] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5781] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5780] <... mprotect resumed>) = 0 [pid 5780] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5781] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5780] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5782]}, 88) = 5782 [pid 5780] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5780] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5780] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5782 attached [pid 5781] <... write resumed>) = 262144 [pid 5782] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5781] munmap(0x7f81b2d7d000, 262144 [pid 5782] <... rseq resumed>) = 0 [pid 5782] set_robust_list(0x7f81bb19d9a0, 24 [pid 5781] <... munmap resumed>) = 0 [pid 5781] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5782] <... set_robust_list resumed>) = 0 [pid 5781] <... openat resumed>) = 4 [pid 5782] rt_sigprocmask(SIG_SETMASK, [], [pid 5781] ioctl(4, LOOP_SET_FD, 3 [pid 5782] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5782] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5782] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5780] <... futex resumed>) = 0 [pid 5780] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5782] <... futex resumed>) = 1 [pid 5780] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5782] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5782] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5780] <... futex resumed>) = 0 [pid 5782] <... futex resumed>) = 1 [pid 5780] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5782] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5780] <... futex resumed>) = 0 [pid 5780] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5782] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5780] <... futex resumed>) = 0 [pid 5782] <... futex resumed>) = 1 [pid 5782] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5781] <... ioctl resumed>) = 0 [pid 5782] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5781] close(3 [pid 5780] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5781] <... close resumed>) = 0 [pid 5782] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5781] mkdir("./file1", 0777 [pid 5780] <... futex resumed>) = 0 [pid 5780] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5781] <... mkdir resumed>) = 0 [pid 5781] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5782] <... write resumed>) = 262144 [pid 5782] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5782] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5780] <... futex resumed>) = 0 [pid 5781] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5781] ioctl(4, LOOP_CLR_FD) = 0 [pid 5781] close(4) = 0 [pid 5781] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5781] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5780] exit_group(0 [pid 5782] <... futex resumed>) = ? [pid 5780] <... exit_group resumed>) = ? [pid 5782] +++ exited with 0 +++ [pid 5781] <... futex resumed>) = ? [pid 5781] +++ exited with 0 +++ [pid 5780] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5780, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./190", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./190", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./190/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./190/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./190/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./190/bus") = 0 umount2("./190/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./190/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./190/binderfs") = 0 umount2("./190/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./190/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./190/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./190/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./190/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./190") = 0 mkdir("./191", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 71.423855][ T5781] loop0: detected capacity change from 0 to 512 [ 71.447906][ T5781] EXT4-fs (loop0): VFS: Can't find ext4 filesystem clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5783 ./strace-static-x86_64: Process 5783 attached [pid 5783] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5783] chdir("./191") = 0 [pid 5783] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5783] setpgid(0, 0) = 0 [pid 5783] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5783] write(3, "1000", 4) = 4 [pid 5783] close(3) = 0 [pid 5783] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5783] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5783] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5783] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5783] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5783] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5783] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5783] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0} => {parent_tid=[5784]}, 88) = 5784 ./strace-static-x86_64: Process 5784 attached [pid 5784] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5783] rt_sigprocmask(SIG_SETMASK, [], [pid 5784] <... rseq resumed>) = 0 [pid 5784] set_robust_list(0x7f81bb1be9a0, 24 [pid 5783] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5783] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5784] <... set_robust_list resumed>) = 0 [pid 5784] rt_sigprocmask(SIG_SETMASK, [], [pid 5783] <... futex resumed>) = 0 [pid 5784] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5783] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5784] memfd_create("syzkaller", 0 [pid 5783] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5784] <... memfd_create resumed>) = 3 [pid 5783] <... mmap resumed>) = 0x7f81bb17d000 [pid 5783] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5784] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5783] <... mprotect resumed>) = 0 [pid 5783] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5783] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} [pid 5784] <... mmap resumed>) = 0x7f81b2d7d000 ./strace-static-x86_64: Process 5785 attached [pid 5783] <... clone3 resumed> => {parent_tid=[5785]}, 88) = 5785 [pid 5783] rt_sigprocmask(SIG_SETMASK, [], [pid 5785] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5783] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5783] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5785] <... rseq resumed>) = 0 [pid 5783] <... futex resumed>) = 0 [pid 5783] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5785] set_robust_list(0x7f81bb19d9a0, 24 [pid 5784] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5785] <... set_robust_list resumed>) = 0 [pid 5785] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5785] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5785] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5784] <... write resumed>) = 262144 [pid 5783] <... futex resumed>) = 0 [pid 5785] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5783] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5783] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5785] <... futex resumed>) = 0 [pid 5785] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5785] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5783] <... futex resumed>) = 0 [pid 5785] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5784] munmap(0x7f81b2d7d000, 262144 [pid 5783] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5785] <... futex resumed>) = 0 [pid 5783] <... futex resumed>) = 1 [pid 5785] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5783] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5785] <... open resumed>) = 5 [pid 5785] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5783] <... futex resumed>) = 0 [pid 5785] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5783] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5785] <... futex resumed>) = 0 [pid 5784] <... munmap resumed>) = 0 [pid 5783] <... futex resumed>) = 1 [pid 5785] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5783] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5785] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5784] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5785] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5784] <... openat resumed>) = 6 [pid 5785] <... futex resumed>) = 1 [pid 5785] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5784] ioctl(6, LOOP_SET_FD, 3 [pid 5783] <... futex resumed>) = 0 [pid 5784] <... ioctl resumed>) = 0 [pid 5784] close(3) = 0 [pid 5784] mkdir("./file1", 0777) = 0 [ 71.539829][ T5784] loop0: detected capacity change from 0 to 512 [ 71.572354][ T5784] EXT4-fs (loop0): 1 orphan inode deleted [pid 5784] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5784] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5784] chdir("./file1") = 0 [pid 5784] ioctl(6, LOOP_CLR_FD) = 0 [pid 5784] close(6) = 0 [pid 5784] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5784] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5783] exit_group(0 [pid 5785] <... futex resumed>) = ? [pid 5783] <... exit_group resumed>) = ? [pid 5785] +++ exited with 0 +++ [pid 5784] <... futex resumed>) = ? [pid 5784] +++ exited with 0 +++ [pid 5783] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5783, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./191", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./191", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./191/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./191/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./191/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./191/bus") = 0 umount2("./191/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./191/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./191/binderfs") = 0 umount2("./191/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./191/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./191/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./191/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./191/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./191/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 [ 71.581161][ T5784] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/191/file1 supports timestamps until 2038-01-19 (0x7fffffff) rmdir("./191") = 0 mkdir("./192", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5788 ./strace-static-x86_64: Process 5788 attached [pid 5788] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5788] chdir("./192") = 0 [pid 5788] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5788] setpgid(0, 0) = 0 [pid 5788] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5788] write(3, "1000", 4) = 4 [pid 5788] close(3) = 0 [pid 5788] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5788] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5788] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5788] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5788] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5788] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5788] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5788] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5789 attached => {parent_tid=[5789]}, 88) = 5789 [pid 5789] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5788] rt_sigprocmask(SIG_SETMASK, [], [pid 5789] <... rseq resumed>) = 0 [pid 5788] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5789] set_robust_list(0x7f81bb1be9a0, 24 [pid 5788] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5789] <... set_robust_list resumed>) = 0 [pid 5789] rt_sigprocmask(SIG_SETMASK, [], [pid 5788] <... futex resumed>) = 0 [pid 5789] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5788] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5789] memfd_create("syzkaller", 0 [pid 5788] <... futex resumed>) = 0 [pid 5788] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5788] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5789] <... memfd_create resumed>) = 3 [pid 5788] <... mprotect resumed>) = 0 [pid 5789] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5788] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5789] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5789] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5788] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5788] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5790 attached => {parent_tid=[5790]}, 88) = 5790 [pid 5790] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5788] rt_sigprocmask(SIG_SETMASK, [], [pid 5789] <... write resumed>) = 262144 [pid 5788] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5789] munmap(0x7f81b2d7d000, 262144 [pid 5788] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5790] <... rseq resumed>) = 0 [pid 5790] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5788] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5790] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5790] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5789] <... munmap resumed>) = 0 [pid 5790] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5790] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5789] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5788] <... futex resumed>) = 0 [pid 5788] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5790] <... futex resumed>) = 0 [pid 5788] <... futex resumed>) = 1 [pid 5790] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5788] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5790] <... mount resumed>) = 0 [pid 5789] <... openat resumed>) = 5 [pid 5790] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5790] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5788] <... futex resumed>) = 0 [pid 5789] ioctl(5, LOOP_SET_FD, 3 [pid 5788] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5790] <... futex resumed>) = 0 [pid 5788] <... futex resumed>) = 1 [pid 5790] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5788] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5790] <... open resumed>) = 6 [pid 5790] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5790] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5788] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5788] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5790] <... futex resumed>) = 0 [pid 5790] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5789] <... ioctl resumed>) = 0 [pid 5789] close(3) = 0 [pid 5789] mkdir("./file1", 0777 [pid 5788] <... futex resumed>) = 1 [pid 5789] <... mkdir resumed>) = 0 [pid 5789] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5788] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5790] <... write resumed>) = 262144 [pid 5790] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5788] <... futex resumed>) = 0 [pid 5790] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5789] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5789] ioctl(5, LOOP_CLR_FD) = 0 [pid 5789] close(5) = 0 [pid 5789] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5788] exit_group(0 [pid 5789] <... futex resumed>) = ? [pid 5790] <... futex resumed>) = ? [pid 5788] <... exit_group resumed>) = ? [pid 5790] +++ exited with 0 +++ [pid 5789] +++ exited with 0 +++ [pid 5788] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5788, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./192", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./192", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./192/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./192/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./192/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./192/bus") = 0 umount2("./192/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./192/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./192/binderfs") = 0 umount2("./192/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./192/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./192/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./192/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./192/file1") = 0 [ 71.667037][ T5789] loop0: detected capacity change from 0 to 512 [ 71.681782][ T5789] EXT4-fs (loop0): VFS: Can't find ext4 filesystem getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./192") = 0 mkdir("./193", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5791 ./strace-static-x86_64: Process 5791 attached [pid 5791] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5791] chdir("./193") = 0 [pid 5791] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5791] setpgid(0, 0) = 0 [pid 5791] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5791] write(3, "1000", 4) = 4 [pid 5791] close(3) = 0 [pid 5791] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5791] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5791] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5791] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5791] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5791] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5791] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5791] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5792 attached => {parent_tid=[5792]}, 88) = 5792 [pid 5792] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5791] rt_sigprocmask(SIG_SETMASK, [], [pid 5792] set_robust_list(0x7f81bb1be9a0, 24 [pid 5791] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5792] <... set_robust_list resumed>) = 0 [pid 5791] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5792] rt_sigprocmask(SIG_SETMASK, [], [pid 5791] <... futex resumed>) = 0 [pid 5792] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5791] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5792] memfd_create("syzkaller", 0 [pid 5791] <... futex resumed>) = 0 [pid 5791] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5792] <... memfd_create resumed>) = 3 [pid 5791] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5792] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5791] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5792] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5791] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5791] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5793 attached [pid 5793] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5791] <... clone3 resumed> => {parent_tid=[5793]}, 88) = 5793 [pid 5793] set_robust_list(0x7f81bb19d9a0, 24 [pid 5791] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5791] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5791] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5793] <... set_robust_list resumed>) = 0 [pid 5792] <... write resumed>) = 262144 [pid 5793] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5793] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5792] munmap(0x7f81b2d7d000, 262144 [pid 5793] <... open resumed>) = 4 [pid 5792] <... munmap resumed>) = 0 [pid 5792] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5793] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5792] ioctl(5, LOOP_SET_FD, 3 [pid 5793] <... futex resumed>) = 1 [pid 5791] <... futex resumed>) = 0 [pid 5791] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5791] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5793] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5792] <... ioctl resumed>) = 0 [pid 5792] close(3) = 0 [pid 5792] mkdir("./file1", 0777 [pid 5793] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5791] <... futex resumed>) = 0 [pid 5791] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5793] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5791] <... futex resumed>) = 0 [pid 5791] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5793] <... open resumed>) = 3 [pid 5793] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5791] <... futex resumed>) = 0 [pid 5793] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5792] <... mkdir resumed>) = 0 [pid 5791] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5793] <... futex resumed>) = 0 [pid 5791] <... futex resumed>) = 1 [pid 5793] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5792] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5791] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5793] <... write resumed>) = 262144 [pid 5793] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5793] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5791] <... futex resumed>) = 0 [pid 5792] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5792] ioctl(5, LOOP_CLR_FD) = 0 [pid 5792] close(5) = 0 [pid 5792] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5792] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5791] exit_group(0) = ? [pid 5793] <... futex resumed>) = ? [pid 5793] +++ exited with 0 +++ [pid 5792] <... futex resumed>) = ? [pid 5792] +++ exited with 0 +++ [pid 5791] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5791, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./193", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./193", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./193/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./193/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./193/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./193/bus") = 0 umount2("./193/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./193/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./193/binderfs") = 0 umount2("./193/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./193/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./193/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./193/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./193/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./193") = 0 mkdir("./194", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 71.754850][ T5792] loop0: detected capacity change from 0 to 512 [ 71.771899][ T5792] EXT4-fs (loop0): VFS: Can't find ext4 filesystem clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5794 attached , child_tidptr=0x555556eda690) = 5794 [pid 5794] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5794] chdir("./194") = 0 [pid 5794] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5794] setpgid(0, 0) = 0 [pid 5794] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5794] write(3, "1000", 4) = 4 [pid 5794] close(3) = 0 [pid 5794] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5794] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5794] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5794] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5794] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5794] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5794] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5794] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5795 attached [pid 5795] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5794] <... clone3 resumed> => {parent_tid=[5795]}, 88) = 5795 [pid 5795] <... rseq resumed>) = 0 [pid 5794] rt_sigprocmask(SIG_SETMASK, [], [pid 5795] set_robust_list(0x7f81bb1be9a0, 24 [pid 5794] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5795] <... set_robust_list resumed>) = 0 [pid 5794] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5795] rt_sigprocmask(SIG_SETMASK, [], [pid 5794] <... futex resumed>) = 0 [pid 5795] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5794] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5795] memfd_create("syzkaller", 0 [pid 5794] <... futex resumed>) = 0 [pid 5794] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5794] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5794] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5794] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5796]}, 88) = 5796 [pid 5794] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5794] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5794] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5796 attached [pid 5796] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5796] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5796] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5796] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 3 [pid 5796] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5794] <... futex resumed>) = 0 [pid 5796] <... futex resumed>) = 1 [pid 5796] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5794] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5796] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5794] <... futex resumed>) = 0 [pid 5796] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5794] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5796] <... mount resumed>) = 0 [pid 5796] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5794] <... futex resumed>) = 0 [pid 5794] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5796] <... futex resumed>) = 1 [pid 5794] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5796] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 4 [pid 5796] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5794] <... futex resumed>) = 0 [pid 5796] <... futex resumed>) = 1 [pid 5796] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5794] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5796] <... futex resumed>) = 0 [pid 5794] <... futex resumed>) = 1 [pid 5796] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5794] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5796] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5796] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5794] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5796] <... futex resumed>) = 0 [pid 5796] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5795] <... memfd_create resumed>) = 5 [pid 5795] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5795] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5795] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5795] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 71.826780][ T5795] __do_sys_memfd_create: 39 callbacks suppressed [ 71.826795][ T5795] syz-executor212[5795]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 71.841439][ T28] kauditd_printk_skb: 39 callbacks suppressed [ 71.841453][ T28] audit: type=1800 audit(1693866702.571:196): pid=5796 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [pid 5795] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 5795] close(5) = 0 [pid 5795] mkdir("./file1", 0777) = 0 [pid 5795] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5795] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 5 [pid 5795] chdir("./file1") = 0 [pid 5795] ioctl(6, LOOP_CLR_FD) = 0 [pid 5795] close(6) = 0 [pid 5795] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5795] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5794] exit_group(0 [pid 5796] <... futex resumed>) = ? [pid 5795] <... futex resumed>) = ? [pid 5795] +++ exited with 0 +++ [pid 5796] +++ exited with 0 +++ [pid 5794] <... exit_group resumed>) = ? [pid 5794] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5794, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./194", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./194", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./194/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./194/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./194/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./194/bus") = 0 umount2("./194/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./194/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./194/binderfs") = 0 umount2("./194/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./194/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./194/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./194/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./194/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./194/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./194") = 0 mkdir("./195", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5799 attached , child_tidptr=0x555556eda690) = 5799 [pid 5799] set_robust_list(0x555556eda6a0, 24) = 0 [ 71.873486][ T5795] loop0: detected capacity change from 0 to 512 [ 71.887840][ T5795] EXT4-fs (loop0): 1 orphan inode deleted [ 71.893806][ T5795] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/194/file1 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5799] chdir("./195") = 0 [pid 5799] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5799] setpgid(0, 0) = 0 [pid 5799] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5799] write(3, "1000", 4) = 4 [pid 5799] close(3) = 0 [pid 5799] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5799] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5799] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5799] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5799] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5799] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5799] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5799] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5800 attached => {parent_tid=[5800]}, 88) = 5800 [pid 5800] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5799] rt_sigprocmask(SIG_SETMASK, [], [pid 5800] <... rseq resumed>) = 0 [pid 5799] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5800] set_robust_list(0x7f81bb1be9a0, 24 [pid 5799] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5800] <... set_robust_list resumed>) = 0 [pid 5799] <... futex resumed>) = 0 [pid 5800] rt_sigprocmask(SIG_SETMASK, [], [pid 5799] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5800] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5799] <... futex resumed>) = 0 [pid 5800] memfd_create("syzkaller", 0 [pid 5799] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5799] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5799] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5799] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5801 attached [pid 5800] <... memfd_create resumed>) = 3 [pid 5801] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5799] <... clone3 resumed> => {parent_tid=[5801]}, 88) = 5801 [pid 5801] <... rseq resumed>) = 0 [pid 5799] rt_sigprocmask(SIG_SETMASK, [], [pid 5801] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5799] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5801] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5799] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5801] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5800] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5799] <... futex resumed>) = 0 [pid 5801] <... open resumed>) = 4 [pid 5801] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5801] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5799] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5800] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5800] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5799] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5799] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5801] <... futex resumed>) = 0 [pid 5799] <... futex resumed>) = 1 [pid 5801] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5799] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5801] <... mount resumed>) = 0 [pid 5801] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5799] <... futex resumed>) = 0 [pid 5799] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5799] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5801] <... futex resumed>) = 1 [pid 5801] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5801] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5799] <... futex resumed>) = 0 [pid 5799] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5799] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5800] <... write resumed>) = 262144 [pid 5801] <... futex resumed>) = 1 [pid 5800] munmap(0x7f81b2d7d000, 262144 [pid 5801] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5801] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5799] <... futex resumed>) = 0 [pid 5801] <... futex resumed>) = 1 [pid 5800] <... munmap resumed>) = 0 [pid 5801] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5800] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5800] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5800] close(3) = 0 [pid 5800] mkdir("./file1", 0777) = 0 [ 71.975611][ T5800] syz-executor212[5800]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 71.988485][ T28] audit: type=1800 audit(1693866702.731:197): pid=5801 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 72.014340][ T5800] loop0: detected capacity change from 0 to 512 [pid 5800] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5800] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5800] chdir("./file1") = 0 [pid 5800] ioctl(6, LOOP_CLR_FD) = 0 [pid 5800] close(6) = 0 [pid 5800] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5799] exit_group(0 [pid 5801] <... futex resumed>) = ? [pid 5799] <... exit_group resumed>) = ? [pid 5800] +++ exited with 0 +++ [pid 5801] +++ exited with 0 +++ [pid 5799] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5799, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./195", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./195", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./195/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./195/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./195/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./195/bus") = 0 umount2("./195/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./195/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./195/binderfs") = 0 umount2("./195/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./195/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./195/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./195/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./195/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./195/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./195") = 0 mkdir("./196", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5804 attached , child_tidptr=0x555556eda690) = 5804 [pid 5804] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5804] chdir("./196") = 0 [pid 5804] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5804] setpgid(0, 0) = 0 [pid 5804] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 72.028352][ T5800] EXT4-fs (loop0): 1 orphan inode deleted [ 72.034147][ T5800] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/195/file1 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5804] write(3, "1000", 4) = 4 [pid 5804] close(3) = 0 [pid 5804] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5804] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5804] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5804] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5804] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5804] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5804] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5804] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0} => {parent_tid=[5805]}, 88) = 5805 ./strace-static-x86_64: Process 5805 attached [pid 5804] rt_sigprocmask(SIG_SETMASK, [], [pid 5805] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5804] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5805] set_robust_list(0x7f81bb1be9a0, 24 [pid 5804] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5805] <... set_robust_list resumed>) = 0 [pid 5804] <... futex resumed>) = 0 [pid 5804] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5805] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5804] <... futex resumed>) = 0 [pid 5804] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5805] memfd_create("syzkaller", 0 [pid 5804] <... mmap resumed>) = 0x7f81bb17d000 [pid 5804] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5804] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5804] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5806 attached [pid 5806] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5804] <... clone3 resumed> => {parent_tid=[5806]}, 88) = 5806 [pid 5806] <... rseq resumed>) = 0 [pid 5804] rt_sigprocmask(SIG_SETMASK, [], [pid 5806] set_robust_list(0x7f81bb19d9a0, 24 [pid 5804] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5806] <... set_robust_list resumed>) = 0 [pid 5804] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5806] rt_sigprocmask(SIG_SETMASK, [], [pid 5804] <... futex resumed>) = 0 [pid 5806] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5804] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5806] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 3 [pid 5806] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5806] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5804] <... futex resumed>) = 0 [pid 5804] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5806] <... futex resumed>) = 0 [pid 5806] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5804] <... futex resumed>) = 1 [pid 5806] <... mount resumed>) = 0 [pid 5804] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5806] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5804] <... futex resumed>) = 0 [pid 5804] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5804] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5806] <... futex resumed>) = 1 [pid 5806] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 4 [pid 5806] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5804] <... futex resumed>) = 0 [pid 5804] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5806] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5804] <... futex resumed>) = 0 [pid 5806] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5804] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5806] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5804] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5806] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5805] <... memfd_create resumed>) = 5 [pid 5805] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5805] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5805] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5805] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5805] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 5805] close(5) = 0 [pid 5805] mkdir("./file1", 0777) = 0 [ 72.098241][ T5805] syz-executor212[5805]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 72.109611][ T28] audit: type=1800 audit(1693866702.841:198): pid=5806 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 72.121873][ T5805] loop0: detected capacity change from 0 to 512 [pid 5805] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5805] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 5 [pid 5805] chdir("./file1") = 0 [pid 5805] ioctl(6, LOOP_CLR_FD) = 0 [pid 5805] close(6) = 0 [pid 5805] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5804] exit_group(0) = ? [pid 5806] <... futex resumed>) = ? [pid 5806] +++ exited with 0 +++ [pid 5805] +++ exited with 0 +++ [pid 5804] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5804, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./196", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./196", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./196/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./196/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./196/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./196/bus") = 0 umount2("./196/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./196/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./196/binderfs") = 0 umount2("./196/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./196/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./196/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./196/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./196/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./196/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./196") = 0 mkdir("./197", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5809 attached , child_tidptr=0x555556eda690) = 5809 [pid 5809] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5809] chdir("./197") = 0 [pid 5809] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5809] setpgid(0, 0) = 0 [pid 5809] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5809] write(3, "1000", 4) = 4 [pid 5809] close(3) = 0 [pid 5809] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5809] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5809] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5809] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5809] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5809] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5809] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5809] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5810 attached => {parent_tid=[5810]}, 88) = 5810 [pid 5810] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5810] set_robust_list(0x7f81bb1be9a0, 24 [pid 5809] rt_sigprocmask(SIG_SETMASK, [], [pid 5810] <... set_robust_list resumed>) = 0 [pid 5809] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5810] rt_sigprocmask(SIG_SETMASK, [], [pid 5809] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5810] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5809] <... futex resumed>) = 0 [pid 5810] memfd_create("syzkaller", 0 [pid 5809] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 72.158147][ T5805] EXT4-fs (loop0): 1 orphan inode deleted [ 72.163930][ T5805] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/196/file1 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5809] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5809] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5809] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5810] <... memfd_create resumed>) = 3 [pid 5810] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5809] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5811]}, 88) = 5811 ./strace-static-x86_64: Process 5811 attached [pid 5811] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5811] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5809] rt_sigprocmask(SIG_SETMASK, [], [pid 5811] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5809] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5811] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5810] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5809] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5811] <... futex resumed>) = 0 [pid 5811] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5809] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5810] <... write resumed>) = 262144 [pid 5811] <... open resumed>) = 4 [pid 5810] munmap(0x7f81b2d7d000, 262144 [pid 5811] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5811] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5810] <... munmap resumed>) = 0 [pid 5809] <... futex resumed>) = 0 [pid 5809] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5811] <... futex resumed>) = 0 [pid 5810] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5811] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5810] <... openat resumed>) = 5 [pid 5811] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5810] ioctl(5, LOOP_SET_FD, 3 [pid 5811] <... futex resumed>) = 0 [pid 5811] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5809] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5809] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5811] <... futex resumed>) = 0 [pid 5811] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5811] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5811] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5809] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5809] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5811] <... futex resumed>) = 0 [ 72.216112][ T5810] syz-executor212[5810]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 72.230214][ T28] audit: type=1800 audit(1693866702.971:199): pid=5811 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 72.253646][ T5810] loop0: detected capacity change from 0 to 512 [pid 5811] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5810] <... ioctl resumed>) = 0 [pid 5809] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5810] close(3) = 0 [pid 5810] mkdir("./file1", 0777) = 0 [pid 5810] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5811] <... write resumed>) = -1 EIO (Input/output error) [pid 5811] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5809] <... futex resumed>) = 0 [pid 5811] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5810] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5810] ioctl(5, LOOP_CLR_FD) = 0 [pid 5810] close(5) = 0 [pid 5810] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5809] exit_group(0 [pid 5811] <... futex resumed>) = ? [pid 5809] <... exit_group resumed>) = ? [pid 5811] +++ exited with 0 +++ [pid 5810] +++ exited with 0 +++ [pid 5809] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5809, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./197", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./197", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./197/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./197/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./197/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./197/bus") = 0 umount2("./197/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./197/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./197/binderfs") = 0 umount2("./197/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./197/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./197/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./197/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./197/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./197") = 0 mkdir("./198", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5812 ./strace-static-x86_64: Process 5812 attached [pid 5812] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5812] chdir("./198") = 0 [pid 5812] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5812] setpgid(0, 0) = 0 [pid 5812] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5812] write(3, "1000", 4) = 4 [ 72.259272][ T5811] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 72.270535][ T5811] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 72.285543][ T5810] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5812] close(3) = 0 [pid 5812] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5812] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5812] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5812] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5812] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5812] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5812] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5812] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5813 attached [pid 5813] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5812] <... clone3 resumed> => {parent_tid=[5813]}, 88) = 5813 [pid 5813] <... rseq resumed>) = 0 [pid 5812] rt_sigprocmask(SIG_SETMASK, [], [pid 5813] set_robust_list(0x7f81bb1be9a0, 24 [pid 5812] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5813] <... set_robust_list resumed>) = 0 [pid 5812] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5813] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5812] <... futex resumed>) = 0 [pid 5813] memfd_create("syzkaller", 0 [pid 5812] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5812] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5812] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5812] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5812] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5814]}, 88) = 5814 [pid 5812] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5812] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5812] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5814 attached [pid 5814] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5814] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5814] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5814] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5813] <... memfd_create resumed>) = 4 [pid 5813] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5814] <... open resumed>) = 3 [pid 5814] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5813] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5814] <... futex resumed>) = 1 [pid 5812] <... futex resumed>) = 0 [pid 5814] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5812] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5814] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5812] <... futex resumed>) = 0 [pid 5814] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5812] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5814] <... mount resumed>) = 0 [pid 5814] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5812] <... futex resumed>) = 0 [pid 5812] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5812] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5814] <... futex resumed>) = 1 [pid 5814] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5814] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5812] <... futex resumed>) = 0 [pid 5812] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5812] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5814] <... futex resumed>) = 1 [pid 5814] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5814] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5814] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5812] <... futex resumed>) = 0 [pid 5813] <... write resumed>) = 262144 [pid 5813] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5813] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5813] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 5813] close(4) = 0 [pid 5813] mkdir("./file1", 0777) = 0 [ 72.356120][ T5813] syz-executor212[5813]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 72.368052][ T28] audit: type=1800 audit(1693866703.111:200): pid=5814 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 72.392077][ T5813] loop0: detected capacity change from 0 to 512 [pid 5813] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5813] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5813] chdir("./file1") = 0 [pid 5813] ioctl(6, LOOP_CLR_FD) = 0 [pid 5813] close(6) = 0 [pid 5813] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5813] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5812] exit_group(0 [pid 5814] <... futex resumed>) = ? [pid 5813] <... futex resumed>) = ? [pid 5812] <... exit_group resumed>) = ? [pid 5814] +++ exited with 0 +++ [pid 5813] +++ exited with 0 +++ [pid 5812] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5812, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./198", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./198", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./198/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./198/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./198/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./198/bus") = 0 umount2("./198/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./198/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./198/binderfs") = 0 umount2("./198/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./198/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./198/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./198/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./198/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./198/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./198") = 0 mkdir("./199", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 72.408379][ T5813] EXT4-fs (loop0): 1 orphan inode deleted [ 72.414166][ T5813] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/198/file1 supports timestamps until 2038-01-19 (0x7fffffff) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5817 attached , child_tidptr=0x555556eda690) = 5817 [pid 5817] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5817] chdir("./199") = 0 [pid 5817] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5817] setpgid(0, 0) = 0 [pid 5817] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5817] write(3, "1000", 4) = 4 [pid 5817] close(3) = 0 [pid 5817] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5817] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5817] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5817] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5817] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5817] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5817] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5817] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5818 attached => {parent_tid=[5818]}, 88) = 5818 [pid 5817] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5817] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5817] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5817] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5818] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5817] <... mmap resumed>) = 0x7f81bb17d000 [pid 5817] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5818] <... rseq resumed>) = 0 [pid 5818] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5817] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5818] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5817] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5817] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} [pid 5818] memfd_create("syzkaller", 0 [pid 5817] <... clone3 resumed> => {parent_tid=[5819]}, 88) = 5819 [pid 5817] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5819 attached [pid 5817] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5817] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5819] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5819] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5819] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5819] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 3 [pid 5819] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5819] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5817] <... futex resumed>) = 0 [pid 5817] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... futex resumed>) = 0 [pid 5817] <... futex resumed>) = 1 [pid 5817] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5819] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5819] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5819] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5817] <... futex resumed>) = 0 [pid 5817] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5819] <... futex resumed>) = 0 [pid 5819] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5817] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5819] <... open resumed>) = 4 [pid 5819] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5817] <... futex resumed>) = 0 [pid 5817] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5817] <... futex resumed>) = 0 [pid 5819] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5817] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5819] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5817] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5819] <... futex resumed>) = 0 [pid 5819] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5818] <... memfd_create resumed>) = 5 [pid 5818] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5818] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5818] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5818] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 5818] close(5) = 0 [pid 5818] mkdir("./file1", 0777) = 0 [ 72.487176][ T5818] syz-executor212[5818]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 72.496874][ T28] audit: type=1800 audit(1693866703.231:201): pid=5819 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 72.523176][ T5818] loop0: detected capacity change from 0 to 512 [pid 5818] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5818] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 5 [pid 5818] chdir("./file1") = 0 [pid 5818] ioctl(6, LOOP_CLR_FD) = 0 [pid 5818] close(6) = 0 [pid 5818] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5818] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5817] exit_group(0) = ? [pid 5818] <... futex resumed>) = ? [pid 5819] <... futex resumed>) = ? [pid 5819] +++ exited with 0 +++ [pid 5818] +++ exited with 0 +++ [pid 5817] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5817, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./199", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./199", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./199/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./199/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./199/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./199/bus") = 0 umount2("./199/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./199/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./199/binderfs") = 0 umount2("./199/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./199/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./199/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./199/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./199/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./199/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./199") = 0 mkdir("./200", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5822 [ 72.538004][ T5818] EXT4-fs (loop0): 1 orphan inode deleted [ 72.543769][ T5818] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/199/file1 supports timestamps until 2038-01-19 (0x7fffffff) ./strace-static-x86_64: Process 5822 attached [pid 5822] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5822] chdir("./200") = 0 [pid 5822] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5822] setpgid(0, 0) = 0 [pid 5822] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5822] write(3, "1000", 4) = 4 [pid 5822] close(3) = 0 [pid 5822] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5822] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5822] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5822] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5822] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5822] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5822] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5822] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5823 attached => {parent_tid=[5823]}, 88) = 5823 [pid 5822] rt_sigprocmask(SIG_SETMASK, [], [pid 5823] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5822] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5823] <... rseq resumed>) = 0 [pid 5823] set_robust_list(0x7f81bb1be9a0, 24 [pid 5822] <... futex resumed>) = 0 [pid 5823] <... set_robust_list resumed>) = 0 [pid 5823] rt_sigprocmask(SIG_SETMASK, [], [pid 5822] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5823] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] <... futex resumed>) = 0 [pid 5823] memfd_create("syzkaller", 0 [pid 5822] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5822] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5822] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5823] <... memfd_create resumed>) = 3 [pid 5823] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5822] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} [pid 5823] <... mmap resumed>) = 0x7f81b2d7d000 ./strace-static-x86_64: Process 5824 attached [pid 5824] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5822] <... clone3 resumed> => {parent_tid=[5824]}, 88) = 5824 [pid 5822] rt_sigprocmask(SIG_SETMASK, [], [pid 5824] <... rseq resumed>) = 0 [pid 5824] set_robust_list(0x7f81bb19d9a0, 24 [pid 5822] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5824] <... set_robust_list resumed>) = 0 [pid 5822] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5824] rt_sigprocmask(SIG_SETMASK, [], [pid 5822] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5824] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5824] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5824] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5823] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5822] <... futex resumed>) = 0 [pid 5824] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5822] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5824] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5822] <... futex resumed>) = 0 [pid 5824] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5822] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5824] <... mount resumed>) = 0 [pid 5824] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5823] <... write resumed>) = 262144 [pid 5824] <... futex resumed>) = 1 [pid 5822] <... futex resumed>) = 0 [pid 5824] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5822] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5823] munmap(0x7f81b2d7d000, 262144 [pid 5822] <... futex resumed>) = 0 [pid 5824] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5823] <... munmap resumed>) = 0 [pid 5822] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5824] <... open resumed>) = 5 [pid 5823] <... openat resumed>) = 6 [pid 5823] ioctl(6, LOOP_SET_FD, 3 [pid 5824] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5822] <... futex resumed>) = 0 [pid 5824] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5822] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5824] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5822] <... futex resumed>) = 0 [pid 5824] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5822] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5823] <... ioctl resumed>) = 0 [pid 5823] close(3) = 0 [pid 5823] mkdir("./file1", 0777) = 0 [pid 5823] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5824] <... write resumed>) = 262144 [pid 5824] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5824] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5822] <... futex resumed>) = 0 [ 72.611826][ T5823] syz-executor212[5823]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 72.626265][ T28] audit: type=1800 audit(1693866703.371:202): pid=5824 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 72.651312][ T5823] loop0: detected capacity change from 0 to 512 [pid 5823] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5823] ioctl(6, LOOP_CLR_FD) = 0 [pid 5823] close(6) = 0 [pid 5823] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] exit_group(0) = ? [pid 5823] <... futex resumed>) = ? [pid 5823] +++ exited with 0 +++ [pid 5824] <... futex resumed>) = ? [pid 5824] +++ exited with 0 +++ [pid 5822] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5822, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./200", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./200", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./200/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./200/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./200/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./200/bus") = 0 umount2("./200/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./200/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./200/binderfs") = 0 umount2("./200/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./200/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./200/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./200/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./200/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./200") = 0 mkdir("./201", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5825 attached , child_tidptr=0x555556eda690) = 5825 [pid 5825] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5825] chdir("./201") = 0 [pid 5825] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5825] setpgid(0, 0) = 0 [pid 5825] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5825] write(3, "1000", 4) = 4 [pid 5825] close(3) = 0 [pid 5825] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5825] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5825] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5825] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5825] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5825] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5825] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5825] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0} => {parent_tid=[5826]}, 88) = 5826 [pid 5825] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5825] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5825] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5825] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 5826 attached ) = 0x7f81bb17d000 [pid 5826] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5825] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5826] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5825] <... mprotect resumed>) = 0 [pid 5826] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5826] memfd_create("syzkaller", 0 [pid 5825] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 72.665883][ T5823] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5825] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5827 attached => {parent_tid=[5827]}, 88) = 5827 [pid 5825] rt_sigprocmask(SIG_SETMASK, [], [pid 5827] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5825] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5827] <... rseq resumed>) = 0 [pid 5827] set_robust_list(0x7f81bb19d9a0, 24 [pid 5825] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5827] <... set_robust_list resumed>) = 0 [pid 5825] <... futex resumed>) = 0 [pid 5827] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5825] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5827] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 3 [pid 5827] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5825] <... futex resumed>) = 0 [pid 5825] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5825] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5827] <... futex resumed>) = 1 [pid 5827] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5827] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5825] <... futex resumed>) = 0 [pid 5827] <... futex resumed>) = 1 [pid 5827] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5825] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5827] <... open resumed>) = 4 [pid 5825] <... futex resumed>) = 0 [pid 5825] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5827] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5825] <... futex resumed>) = 0 [pid 5825] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5827] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5825] <... futex resumed>) = 0 [pid 5827] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5825] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5827] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5825] <... futex resumed>) = 0 [pid 5827] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5826] <... memfd_create resumed>) = 5 [pid 5826] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5826] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5826] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5826] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5826] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 5826] close(5) = 0 [pid 5826] mkdir("./file1", 0777) = 0 [ 72.719062][ T5826] syz-executor212[5826]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 72.728126][ T28] audit: type=1800 audit(1693866703.461:203): pid=5827 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 72.754084][ T5826] loop0: detected capacity change from 0 to 512 [pid 5826] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5826] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 5 [pid 5826] chdir("./file1") = 0 [pid 5826] ioctl(6, LOOP_CLR_FD) = 0 [pid 5826] close(6) = 0 [pid 5826] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5826] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5825] exit_group(0 [pid 5827] <... futex resumed>) = ? [pid 5826] <... futex resumed>) = ? [pid 5827] +++ exited with 0 +++ [pid 5826] +++ exited with 0 +++ [pid 5825] <... exit_group resumed>) = ? [pid 5825] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5825, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./201", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./201", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./201/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./201/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./201/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./201/bus") = 0 umount2("./201/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./201/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./201/binderfs") = 0 umount2("./201/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./201/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./201/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./201/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./201/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./201/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./201") = 0 mkdir("./202", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5830 attached , child_tidptr=0x555556eda690) = 5830 [pid 5830] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5830] chdir("./202") = 0 [pid 5830] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5830] setpgid(0, 0) = 0 [pid 5830] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 72.768095][ T5826] EXT4-fs (loop0): 1 orphan inode deleted [ 72.773888][ T5826] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/201/file1 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5830] write(3, "1000", 4) = 4 [pid 5830] close(3) = 0 [pid 5830] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5830] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5830] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5830] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5830] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5830] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5830] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5830] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5831 attached => {parent_tid=[5831]}, 88) = 5831 [pid 5831] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5830] rt_sigprocmask(SIG_SETMASK, [], [pid 5831] <... rseq resumed>) = 0 [pid 5830] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] set_robust_list(0x7f81bb1be9a0, 24 [pid 5830] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... set_robust_list resumed>) = 0 [pid 5830] <... futex resumed>) = 0 [pid 5831] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] <... futex resumed>) = 0 [pid 5831] memfd_create("syzkaller", 0 [pid 5830] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5830] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5830] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5830] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5832]}, 88) = 5832 [pid 5830] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5830] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5830] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5832 attached [pid 5832] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5832] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5832] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5832] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 3 [pid 5831] <... memfd_create resumed>) = 4 [pid 5831] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5831] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5831] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5831] ioctl(5, LOOP_SET_FD, 4 [pid 5832] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... ioctl resumed>) = 0 [pid 5832] <... futex resumed>) = 1 [pid 5830] <... futex resumed>) = 0 [pid 5832] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5830] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5830] <... futex resumed>) = 0 [pid 5832] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5830] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] <... mount resumed>) = 0 [pid 5832] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5830] <... futex resumed>) = 0 [pid 5832] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5830] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... futex resumed>) = 0 [pid 5830] <... futex resumed>) = 1 [pid 5832] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5830] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5832] <... futex resumed>) = 0 [pid 5830] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5831] close(4) = 0 [pid 5831] mkdir("./file1", 0777) = 0 [pid 5831] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5830] <... futex resumed>) = 0 [pid 5830] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] <... write resumed>) = 262144 [pid 5832] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5830] <... futex resumed>) = 0 [ 72.842793][ T5831] syz-executor212[5831]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 72.848917][ T28] audit: type=1800 audit(1693866703.591:204): pid=5832 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 72.869492][ T5831] loop0: detected capacity change from 0 to 512 [pid 5832] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5831] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5831] ioctl(5, LOOP_CLR_FD) = 0 [pid 5831] close(5) = 0 [pid 5831] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5831] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5830] exit_group(0 [pid 5832] <... futex resumed>) = ? [pid 5831] <... futex resumed>) = ? [pid 5830] <... exit_group resumed>) = ? [pid 5832] +++ exited with 0 +++ [pid 5831] +++ exited with 0 +++ [pid 5830] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5830, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./202", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./202", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./202/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./202/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./202/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./202/bus") = 0 umount2("./202/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./202/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./202/binderfs") = 0 umount2("./202/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./202/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./202/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./202/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./202/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./202") = 0 mkdir("./203", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5833 ./strace-static-x86_64: Process 5833 attached [pid 5833] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5833] chdir("./203") = 0 [pid 5833] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5833] setpgid(0, 0) = 0 [pid 5833] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5833] write(3, "1000", 4) = 4 [pid 5833] close(3) = 0 [pid 5833] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5833] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5833] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5833] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5833] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5833] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5833] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5833] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5834 attached [pid 5834] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5833] <... clone3 resumed> => {parent_tid=[5834]}, 88) = 5834 [pid 5834] <... rseq resumed>) = 0 [ 72.889280][ T5831] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5833] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5833] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] <... futex resumed>) = 0 [pid 5833] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] memfd_create("syzkaller", 0 [pid 5833] <... futex resumed>) = 0 [pid 5833] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5833] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5833] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5833] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5835]}, 88) = 5835 [pid 5833] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5833] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5833] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5835 attached [pid 5835] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5835] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5835] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5835] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 3 [pid 5835] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... memfd_create resumed>) = 4 [pid 5835] <... futex resumed>) = 1 [pid 5835] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5834] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5833] <... futex resumed>) = 0 [pid 5833] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] <... futex resumed>) = 0 [pid 5833] <... futex resumed>) = 1 [pid 5835] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5833] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5835] <... mount resumed>) = 0 [pid 5835] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... futex resumed>) = 0 [pid 5833] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5833] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5835] <... futex resumed>) = 1 [pid 5835] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5835] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... futex resumed>) = 0 [pid 5833] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5833] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5835] <... futex resumed>) = 1 [pid 5835] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5835] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... futex resumed>) = 0 [pid 5835] <... futex resumed>) = 1 [pid 5835] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] <... write resumed>) = 262144 [pid 5834] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5834] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5834] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 5834] close(4) = 0 [pid 5834] mkdir("./file1", 0777) = 0 [ 72.935550][ T5834] syz-executor212[5834]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 72.941965][ T28] audit: type=1800 audit(1693866703.681:205): pid=5835 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor212" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 72.973046][ T5834] loop0: detected capacity change from 0 to 512 [pid 5834] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5834] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5834] chdir("./file1") = 0 [pid 5834] ioctl(6, LOOP_CLR_FD) = 0 [pid 5834] close(6) = 0 [pid 5834] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5833] exit_group(0 [pid 5834] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5833] <... exit_group resumed>) = ? [pid 5835] <... futex resumed>) = ? [pid 5834] +++ exited with 0 +++ [pid 5835] +++ exited with 0 +++ [pid 5833] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5833, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./203", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./203", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./203/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./203/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./203/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./203/bus") = 0 umount2("./203/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./203/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./203/binderfs") = 0 umount2("./203/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./203/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./203/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./203/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./203/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./203/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./203") = 0 mkdir("./204", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5838 attached [pid 5838] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5838] chdir("./204" [pid 5024] <... clone resumed>, child_tidptr=0x555556eda690) = 5838 [pid 5838] <... chdir resumed>) = 0 [pid 5838] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5838] setpgid(0, 0) = 0 [pid 5838] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5838] write(3, "1000", 4) = 4 [ 72.988591][ T5834] EXT4-fs (loop0): 1 orphan inode deleted [ 72.994376][ T5834] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/203/file1 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5838] close(3) = 0 [pid 5838] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5838] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5838] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5838] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5838] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5838] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5838] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5838] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0} => {parent_tid=[5839]}, 88) = 5839 ./strace-static-x86_64: Process 5839 attached [pid 5838] rt_sigprocmask(SIG_SETMASK, [], [pid 5839] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5838] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5838] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5839] <... rseq resumed>) = 0 [pid 5838] <... futex resumed>) = 0 [pid 5839] set_robust_list(0x7f81bb1be9a0, 24 [pid 5838] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5839] <... set_robust_list resumed>) = 0 [pid 5838] <... futex resumed>) = 0 [pid 5839] rt_sigprocmask(SIG_SETMASK, [], [pid 5838] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5839] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5838] <... mmap resumed>) = 0x7f81bb17d000 [pid 5838] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5839] memfd_create("syzkaller", 0 [pid 5838] <... mprotect resumed>) = 0 [pid 5839] <... memfd_create resumed>) = 3 [pid 5838] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5839] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5838] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5840 attached [pid 5839] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5840] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5838] <... clone3 resumed> => {parent_tid=[5840]}, 88) = 5840 [pid 5840] <... rseq resumed>) = 0 [pid 5838] rt_sigprocmask(SIG_SETMASK, [], [pid 5840] set_robust_list(0x7f81bb19d9a0, 24 [pid 5838] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5840] <... set_robust_list resumed>) = 0 [pid 5838] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5840] rt_sigprocmask(SIG_SETMASK, [], [pid 5838] <... futex resumed>) = 0 [pid 5840] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5838] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5840] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5839] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5840] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5838] <... futex resumed>) = 0 [pid 5840] <... futex resumed>) = 1 [pid 5840] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5838] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5840] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5839] <... write resumed>) = 262144 [pid 5838] <... futex resumed>) = 0 [pid 5840] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5839] munmap(0x7f81b2d7d000, 262144 [pid 5838] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5840] <... mount resumed>) = 0 [pid 5839] <... munmap resumed>) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5840] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5839] <... openat resumed>) = 5 [pid 5839] ioctl(5, LOOP_SET_FD, 3 [pid 5838] <... futex resumed>) = 0 [pid 5838] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5840] <... futex resumed>) = 1 [pid 5838] <... futex resumed>) = 0 [pid 5838] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5840] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5840] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5838] <... futex resumed>) = 0 [pid 5838] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5838] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5840] <... futex resumed>) = 1 [pid 5840] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5839] <... ioctl resumed>) = 0 [pid 5839] close(3) = 0 [pid 5839] mkdir("./file1", 0777) = 0 [pid 5839] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5840] <... write resumed>) = -1 EIO (Input/output error) [pid 5840] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5838] <... futex resumed>) = 0 [pid 5840] <... futex resumed>) = 1 [pid 5840] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5839] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5839] ioctl(5, LOOP_CLR_FD) = 0 [pid 5839] close(5) = 0 [pid 5839] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5839] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5838] exit_group(0 [pid 5840] <... futex resumed>) = ? [pid 5839] <... futex resumed>) = ? [pid 5838] <... exit_group resumed>) = ? [pid 5839] +++ exited with 0 +++ [pid 5840] +++ exited with 0 +++ [pid 5838] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5838, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./204", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./204", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./204/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./204/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./204/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./204/bus") = 0 umount2("./204/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./204/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./204/binderfs") = 0 umount2("./204/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./204/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./204/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./204/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./204/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./204") = 0 mkdir("./205", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5841 attached [pid 5841] set_robust_list(0x555556eda6a0, 24 [pid 5024] <... clone resumed>, child_tidptr=0x555556eda690) = 5841 [pid 5841] <... set_robust_list resumed>) = 0 [pid 5841] chdir("./205") = 0 [pid 5841] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5841] setpgid(0, 0) = 0 [pid 5841] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5841] write(3, "1000", 4) = 4 [pid 5841] close(3) = 0 [pid 5841] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5841] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5841] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5841] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5841] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5841] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5841] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5841] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5842 attached [pid 5842] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5842] set_robust_list(0x7f81bb1be9a0, 24 [pid 5841] <... clone3 resumed> => {parent_tid=[5842]}, 88) = 5842 [pid 5841] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5841] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5841] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5841] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5841] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5841] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5841] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5843 attached [pid 5843] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5841] <... clone3 resumed> => {parent_tid=[5843]}, 88) = 5843 [pid 5843] <... rseq resumed>) = 0 [pid 5841] rt_sigprocmask(SIG_SETMASK, [], [pid 5843] set_robust_list(0x7f81bb19d9a0, 24 [pid 5841] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5843] <... set_robust_list resumed>) = 0 [pid 5843] rt_sigprocmask(SIG_SETMASK, [], [pid 5841] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5843] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5842] <... set_robust_list resumed>) = 0 [pid 5841] <... futex resumed>) = 0 [pid 5843] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5842] rt_sigprocmask(SIG_SETMASK, [], [pid 5841] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5842] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5843] <... open resumed>) = 3 [pid 5842] memfd_create("syzkaller", 0 [ 73.081064][ T5839] loop0: detected capacity change from 0 to 512 [ 73.087101][ T5840] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 73.097466][ T5840] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 73.110706][ T5839] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5843] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5842] <... memfd_create resumed>) = 4 [pid 5842] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5843] <... futex resumed>) = 1 [pid 5841] <... futex resumed>) = 0 [pid 5843] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5841] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5843] <... mount resumed>) = 0 [pid 5841] <... futex resumed>) = 0 [pid 5841] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5843] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5841] <... futex resumed>) = 0 [pid 5841] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5843] <... futex resumed>) = 1 [pid 5842] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5841] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5843] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5842] <... write resumed>) = 262144 [pid 5843] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5842] munmap(0x7f81b2d7d000, 262144 [pid 5843] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5841] <... futex resumed>) = 0 [pid 5841] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5843] <... futex resumed>) = 0 [pid 5841] <... futex resumed>) = 1 [pid 5843] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5841] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5843] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5842] <... munmap resumed>) = 0 [pid 5843] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5841] <... futex resumed>) = 0 [pid 5843] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5842] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5842] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 5842] close(4) = 0 [pid 5842] mkdir("./file1", 0777) = 0 [pid 5842] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5842] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5842] chdir("./file1") = 0 [pid 5842] ioctl(6, LOOP_CLR_FD) = 0 [pid 5842] close(6) = 0 [pid 5842] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5842] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5841] exit_group(0 [pid 5843] <... futex resumed>) = ? [pid 5842] <... futex resumed>) = ? [pid 5841] <... exit_group resumed>) = ? [pid 5843] +++ exited with 0 +++ [pid 5842] +++ exited with 0 +++ [pid 5841] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5841, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./205", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./205", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./205/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./205/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./205/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./205/bus") = 0 umount2("./205/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./205/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./205/binderfs") = 0 umount2("./205/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./205/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./205/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./205/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./205/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./205/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./205") = 0 mkdir("./206", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5846 attached , child_tidptr=0x555556eda690) = 5846 [pid 5846] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5846] chdir("./206") = 0 [pid 5846] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5846] setpgid(0, 0) = 0 [pid 5846] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5846] write(3, "1000", 4) = 4 [pid 5846] close(3) = 0 [pid 5846] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5846] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5846] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5846] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5846] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5846] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5846] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5846] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5847 attached [pid 5847] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5846] <... clone3 resumed> => {parent_tid=[5847]}, 88) = 5847 [pid 5847] <... rseq resumed>) = 0 [pid 5847] set_robust_list(0x7f81bb1be9a0, 24 [pid 5846] rt_sigprocmask(SIG_SETMASK, [], [pid 5847] <... set_robust_list resumed>) = 0 [pid 5846] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5847] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5846] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5847] memfd_create("syzkaller", 0 [pid 5846] <... futex resumed>) = 0 [pid 5846] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5847] <... memfd_create resumed>) = 3 [ 73.170216][ T5842] loop0: detected capacity change from 0 to 512 [ 73.189022][ T5842] EXT4-fs (loop0): 1 orphan inode deleted [ 73.195548][ T5842] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/205/file1 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5847] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d9e000 [pid 5847] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5846] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81b2d7d000 [pid 5846] mprotect(0x7f81b2d7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5846] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5846] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81b2d9d990, parent_tid=0x7f81b2d9d990, exit_signal=0, stack=0x7f81b2d7d000, stack_size=0x20300, tls=0x7f81b2d9d6c0} => {parent_tid=[5848]}, 88) = 5848 ./strace-static-x86_64: Process 5848 attached [pid 5848] rseq(0x7f81b2d9dfe0, 0x20, 0, 0x53053053) = 0 [pid 5848] set_robust_list(0x7f81b2d9d9a0, 24) = 0 [pid 5847] <... write resumed>) = 262144 [pid 5846] rt_sigprocmask(SIG_SETMASK, [], [pid 5848] rt_sigprocmask(SIG_SETMASK, [], [pid 5846] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5846] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5848] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5846] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5848] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5848] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5846] <... futex resumed>) = 0 [pid 5847] munmap(0x7f81b2d9e000, 262144 [pid 5846] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5848] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5847] <... munmap resumed>) = 0 [pid 5846] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5848] <... mount resumed>) = 0 [pid 5848] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5846] <... futex resumed>) = 0 [pid 5848] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5846] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5848] <... open resumed>) = 5 [pid 5846] <... futex resumed>) = 0 [pid 5848] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5846] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5848] <... futex resumed>) = 0 [pid 5847] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5848] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5847] <... openat resumed>) = 6 [pid 5846] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5847] ioctl(6, LOOP_SET_FD, 3 [pid 5846] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5846] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5848] <... futex resumed>) = 0 [pid 5848] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5847] <... ioctl resumed>) = 0 [pid 5847] close(3) = 0 [pid 5847] mkdir("./file1", 0777) = 0 [pid 5847] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5848] <... write resumed>) = -1 EIO (Input/output error) [pid 5848] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5846] <... futex resumed>) = 0 [pid 5848] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5847] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5847] ioctl(6, LOOP_CLR_FD) = 0 [pid 5847] close(6) = 0 [pid 5847] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5847] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5846] exit_group(0) = ? [pid 5848] <... futex resumed>) = ? [pid 5847] <... futex resumed>) = ? [pid 5848] +++ exited with 0 +++ [pid 5847] +++ exited with 0 +++ [pid 5846] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5846, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./206", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./206", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./206/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./206/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./206/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./206/bus") = 0 umount2("./206/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./206/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./206/binderfs") = 0 umount2("./206/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./206/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./206/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./206/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./206/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./206") = 0 mkdir("./207", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5851 attached , child_tidptr=0x555556eda690) = 5851 [pid 5851] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5851] chdir("./207") = 0 [pid 5851] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5851] setpgid(0, 0) = 0 [ 73.264304][ T5847] loop0: detected capacity change from 0 to 512 [ 73.286769][ T5847] EXT4-fs error (device loop0): __ext4_fill_super:5473: inode #2: comm syz-executor212: iget: special inode unallocated [ 73.299764][ T5847] EXT4-fs (loop0): get root inode failed [ 73.305736][ T5847] EXT4-fs (loop0): mount failed [pid 5851] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5851] write(3, "1000", 4) = 4 [pid 5851] close(3) = 0 [pid 5851] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5851] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5851] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5851] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5851] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5851] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5851] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5851] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5852 attached => {parent_tid=[5852]}, 88) = 5852 [pid 5851] rt_sigprocmask(SIG_SETMASK, [], [pid 5852] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5851] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5851] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] <... rseq resumed>) = 0 [pid 5851] <... futex resumed>) = 0 [pid 5852] set_robust_list(0x7f81bb1be9a0, 24 [pid 5851] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] <... set_robust_list resumed>) = 0 [pid 5851] <... futex resumed>) = 0 [pid 5852] rt_sigprocmask(SIG_SETMASK, [], [pid 5851] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5852] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5852] memfd_create("syzkaller", 0 [pid 5851] <... mmap resumed>) = 0x7f81bb17d000 [pid 5851] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5852] <... memfd_create resumed>) = 3 [pid 5852] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5851] <... mprotect resumed>) = 0 [pid 5852] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5851] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5852] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5851] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5853]}, 88) = 5853 [pid 5851] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5851] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5851] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5853 attached [pid 5853] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5853] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5853] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5853] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5852] <... write resumed>) = 262144 [pid 5852] munmap(0x7f81b2d7d000, 262144 [pid 5853] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5851] <... futex resumed>) = 0 [pid 5853] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5851] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] <... futex resumed>) = 0 [pid 5851] <... futex resumed>) = 1 [pid 5853] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5851] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5853] <... mount resumed>) = 0 [pid 5852] <... munmap resumed>) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5852] ioctl(5, LOOP_SET_FD, 3 [pid 5853] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5851] <... futex resumed>) = 0 [pid 5853] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5851] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5851] <... futex resumed>) = 0 [pid 5853] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5851] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5852] <... ioctl resumed>) = 0 [pid 5853] <... open resumed>) = 6 [pid 5852] close(3) = 0 [pid 5852] mkdir("./file1", 0777 [pid 5853] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5851] <... futex resumed>) = 0 [pid 5851] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5853] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5851] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5852] <... mkdir resumed>) = 0 [pid 5852] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5853] <... write resumed>) = 262144 [pid 5853] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5851] <... futex resumed>) = 0 [pid 5853] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5852] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5852] ioctl(5, LOOP_CLR_FD) = 0 [pid 5852] close(5) = 0 [pid 5852] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5851] exit_group(0 [pid 5853] <... futex resumed>) = ? [pid 5851] <... exit_group resumed>) = ? [pid 5853] +++ exited with 0 +++ [pid 5852] +++ exited with 0 +++ [pid 5851] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5851, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./207", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./207", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./207/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./207/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./207/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./207/bus") = 0 umount2("./207/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./207/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./207/binderfs") = 0 umount2("./207/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./207/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./207/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./207/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./207/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./207") = 0 mkdir("./208", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 73.373235][ T5852] loop0: detected capacity change from 0 to 512 [ 73.387108][ T5852] EXT4-fs (loop0): VFS: Can't find ext4 filesystem close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5854 ./strace-static-x86_64: Process 5854 attached [pid 5854] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5854] chdir("./208") = 0 [pid 5854] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5854] setpgid(0, 0) = 0 [pid 5854] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5854] write(3, "1000", 4) = 4 [pid 5854] close(3) = 0 [pid 5854] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5854] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5854] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5854] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5854] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5854] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5854] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5854] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5855 attached => {parent_tid=[5855]}, 88) = 5855 [pid 5855] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5855] set_robust_list(0x7f81bb1be9a0, 24 [pid 5854] rt_sigprocmask(SIG_SETMASK, [], [pid 5855] <... set_robust_list resumed>) = 0 [pid 5855] rt_sigprocmask(SIG_SETMASK, [], [pid 5854] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5855] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5854] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5854] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5854] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5854] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5855] memfd_create("syzkaller", 0 [pid 5854] <... mprotect resumed>) = 0 [pid 5855] <... memfd_create resumed>) = 3 [pid 5855] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5854] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5855] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5854] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5854] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5856 attached => {parent_tid=[5856]}, 88) = 5856 [pid 5856] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5854] rt_sigprocmask(SIG_SETMASK, [], [pid 5856] set_robust_list(0x7f81bb19d9a0, 24 [pid 5854] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5856] <... set_robust_list resumed>) = 0 [pid 5854] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5856] rt_sigprocmask(SIG_SETMASK, [], [pid 5854] <... futex resumed>) = 0 [pid 5856] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5854] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5856] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5855] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5856] <... open resumed>) = 4 [pid 5856] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] <... futex resumed>) = 0 [pid 5854] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5854] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5856] <... futex resumed>) = 1 [pid 5856] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5856] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] <... futex resumed>) = 0 [pid 5854] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5854] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5856] <... futex resumed>) = 1 [pid 5856] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5856] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] <... futex resumed>) = 0 [pid 5856] <... futex resumed>) = 1 [pid 5856] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5854] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5856] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5854] <... futex resumed>) = 0 [pid 5856] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5854] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5856] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5855] <... write resumed>) = 262144 [pid 5856] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] <... futex resumed>) = 0 [pid 5855] munmap(0x7f81b2d7d000, 262144 [pid 5856] <... futex resumed>) = 1 [pid 5856] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5855] <... munmap resumed>) = 0 [pid 5855] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5855] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5855] close(3) = 0 [pid 5855] mkdir("./file1", 0777) = 0 [pid 5855] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5855] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5855] chdir("./file1") = 0 [pid 5855] ioctl(6, LOOP_CLR_FD) = 0 [pid 5855] close(6) = 0 [pid 5855] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5855] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5854] exit_group(0 [pid 5855] <... futex resumed>) = ? [pid 5854] <... exit_group resumed>) = ? [pid 5856] <... futex resumed>) = ? [pid 5855] +++ exited with 0 +++ [pid 5856] +++ exited with 0 +++ [pid 5854] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5854, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./208", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./208", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./208/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./208/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./208/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./208/bus") = 0 umount2("./208/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./208/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./208/binderfs") = 0 umount2("./208/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./208/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./208/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./208/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./208/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./208/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./208") = 0 mkdir("./209", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5859 attached [pid 5859] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5859] chdir("./209") = 0 [pid 5859] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 73.459576][ T5855] loop0: detected capacity change from 0 to 512 [ 73.478337][ T5855] EXT4-fs (loop0): 1 orphan inode deleted [ 73.484238][ T5855] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/208/file1 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5859] setpgid(0, 0) = 0 [pid 5859] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5859] write(3, "1000", 4) = 4 [pid 5859] close(3) = 0 [pid 5859] symlink("/dev/binderfs", "./binderfs" [pid 5024] <... clone resumed>, child_tidptr=0x555556eda690) = 5859 [pid 5859] <... symlink resumed>) = 0 [pid 5859] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5859] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5859] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5859] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5859] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5859] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5859] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5860 attached => {parent_tid=[5860]}, 88) = 5860 [pid 5860] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5859] rt_sigprocmask(SIG_SETMASK, [], [pid 5860] <... rseq resumed>) = 0 [pid 5859] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5860] set_robust_list(0x7f81bb1be9a0, 24 [pid 5859] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5860] <... set_robust_list resumed>) = 0 [pid 5860] rt_sigprocmask(SIG_SETMASK, [], [pid 5859] <... futex resumed>) = 0 [pid 5860] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5860] memfd_create("syzkaller", 0 [pid 5859] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5859] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5860] <... memfd_create resumed>) = 3 [pid 5860] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5859] <... mmap resumed>) = 0x7f81bb17d000 [pid 5860] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5859] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5859] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5859] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} [pid 5860] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5859] <... clone3 resumed> => {parent_tid=[5861]}, 88) = 5861 [pid 5859] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5859] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5859] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5861 attached [pid 5861] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5860] <... write resumed>) = 262144 [pid 5860] munmap(0x7f81b2d7d000, 262144 [pid 5861] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5861] rt_sigprocmask(SIG_SETMASK, [], [pid 5860] <... munmap resumed>) = 0 [pid 5861] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5860] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5861] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5860] <... openat resumed>) = 4 [pid 5861] <... open resumed>) = 5 [pid 5861] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5859] <... futex resumed>) = 0 [pid 5861] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5859] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5861] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5859] <... futex resumed>) = 0 [pid 5861] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5859] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5860] ioctl(4, LOOP_SET_FD, 3 [pid 5861] <... mount resumed>) = 0 [pid 5861] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5859] <... futex resumed>) = 0 [pid 5861] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5859] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5861] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5859] <... futex resumed>) = 0 [pid 5861] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5859] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5861] <... open resumed>) = 6 [pid 5861] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5859] <... futex resumed>) = 0 [pid 5860] <... ioctl resumed>) = 0 [pid 5860] close(3) = 0 [pid 5860] mkdir("./file1", 0777 [pid 5861] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5859] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5861] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5859] <... futex resumed>) = 0 [pid 5859] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5861] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5860] <... mkdir resumed>) = 0 [pid 5860] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5861] <... write resumed>) = 262144 [pid 5861] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5859] <... futex resumed>) = 0 [pid 5861] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5860] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5860] ioctl(4, LOOP_CLR_FD) = 0 [pid 5860] close(4) = 0 [pid 5860] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5859] exit_group(0) = ? [pid 5861] <... futex resumed>) = ? [pid 5861] +++ exited with 0 +++ [pid 5860] <... futex resumed>) = ? [pid 5860] +++ exited with 0 +++ [pid 5859] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5859, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./209", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./209", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./209/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./209/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./209/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./209/bus") = 0 umount2("./209/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./209/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./209/binderfs") = 0 umount2("./209/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./209/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./209/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./209/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./209/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./209") = 0 mkdir("./210", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5862 attached , child_tidptr=0x555556eda690) = 5862 [pid 5862] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5862] chdir("./210") = 0 [pid 5862] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5862] setpgid(0, 0) = 0 [pid 5862] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5862] write(3, "1000", 4) = 4 [pid 5862] close(3) = 0 [pid 5862] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5862] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5862] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5862] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5862] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5862] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5862] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5862] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5863 attached [pid 5863] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [ 73.553805][ T5860] loop0: detected capacity change from 0 to 512 [ 73.568380][ T5860] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5862] <... clone3 resumed> => {parent_tid=[5863]}, 88) = 5863 [pid 5863] <... rseq resumed>) = 0 [pid 5862] rt_sigprocmask(SIG_SETMASK, [], [pid 5863] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5862] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5863] rt_sigprocmask(SIG_SETMASK, [], [pid 5862] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5863] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5862] <... futex resumed>) = 0 [pid 5863] memfd_create("syzkaller", 0 [pid 5862] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5863] <... memfd_create resumed>) = 3 [pid 5862] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5863] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5862] <... mmap resumed>) = 0x7f81bb17d000 [pid 5863] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5862] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5863] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5862] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5862] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5864 attached [pid 5864] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5862] <... clone3 resumed> => {parent_tid=[5864]}, 88) = 5864 [pid 5864] <... rseq resumed>) = 0 [pid 5864] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5862] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5862] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5864] rt_sigprocmask(SIG_SETMASK, [], [pid 5862] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5863] <... write resumed>) = 262144 [pid 5864] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5864] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5863] munmap(0x7f81b2d7d000, 262144 [pid 5864] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5864] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5863] <... munmap resumed>) = 0 [pid 5863] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5862] <... futex resumed>) = 0 [pid 5862] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5864] <... futex resumed>) = 0 [pid 5862] <... futex resumed>) = 1 [pid 5864] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5862] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5863] <... openat resumed>) = 5 [pid 5864] <... mount resumed>) = 0 [pid 5863] ioctl(5, LOOP_SET_FD, 3 [pid 5864] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5862] <... futex resumed>) = 0 [pid 5864] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5862] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5864] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5862] <... futex resumed>) = 0 [pid 5864] <... open resumed>) = 6 [pid 5862] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5864] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5864] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5862] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5862] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5864] <... futex resumed>) = 0 [pid 5864] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5862] <... futex resumed>) = 1 [pid 5862] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5863] <... ioctl resumed>) = 0 [pid 5863] close(3) = 0 [pid 5863] mkdir("./file1", 0777) = 0 [pid 5864] <... write resumed>) = -1 EIO (Input/output error) [pid 5864] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5862] <... futex resumed>) = 0 [pid 5864] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5863] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = -1 EINVAL (Invalid argument) [pid 5863] ioctl(5, LOOP_CLR_FD) = 0 [pid 5863] close(5) = 0 [pid 5863] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5863] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5862] exit_group(0) = ? [pid 5863] <... futex resumed>) = ? [pid 5864] <... futex resumed>) = ? [pid 5863] +++ exited with 0 +++ [pid 5864] +++ exited with 0 +++ [pid 5862] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5862, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./210", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./210", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./210/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./210/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./210/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./210/bus") = 0 umount2("./210/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./210/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./210/binderfs") = 0 umount2("./210/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./210/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./210/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./210/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./210/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./210") = 0 mkdir("./211", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5865 attached , child_tidptr=0x555556eda690) = 5865 [pid 5865] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5865] chdir("./211") = 0 [pid 5865] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5865] setpgid(0, 0) = 0 [pid 5865] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5865] write(3, "1000", 4) = 4 [pid 5865] close(3) = 0 [pid 5865] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5865] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5865] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5865] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [ 73.630419][ T5863] loop0: detected capacity change from 0 to 512 [ 73.642343][ T5863] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5865] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5865] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5865] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5865] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5866 attached [pid 5866] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5866] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5865] <... clone3 resumed> => {parent_tid=[5866]}, 88) = 5866 [pid 5866] rt_sigprocmask(SIG_SETMASK, [], [pid 5865] rt_sigprocmask(SIG_SETMASK, [], [pid 5866] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5865] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5866] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5865] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5866] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5865] <... futex resumed>) = 0 [pid 5866] memfd_create("syzkaller", 0 [pid 5865] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5866] <... memfd_create resumed>) = 3 [pid 5866] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d9e000 [pid 5865] <... futex resumed>) = 0 [pid 5865] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5866] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5865] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5865] mprotect(0x7f81b2d7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5865] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5865] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81b2d9d990, parent_tid=0x7f81b2d9d990, exit_signal=0, stack=0x7f81b2d7d000, stack_size=0x20300, tls=0x7f81b2d9d6c0} => {parent_tid=[5867]}, 88) = 5867 ./strace-static-x86_64: Process 5867 attached [pid 5867] rseq(0x7f81b2d9dfe0, 0x20, 0, 0x53053053 [pid 5866] <... write resumed>) = 262144 [pid 5865] rt_sigprocmask(SIG_SETMASK, [], [pid 5867] <... rseq resumed>) = 0 [pid 5867] set_robust_list(0x7f81b2d9d9a0, 24) = 0 [pid 5867] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5867] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5866] munmap(0x7f81b2d9e000, 262144 [pid 5865] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5865] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5867] <... futex resumed>) = 0 [pid 5867] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5866] <... munmap resumed>) = 0 [pid 5865] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] <... open resumed>) = 4 [pid 5867] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5865] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5865] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5867] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5865] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5867] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5866] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5865] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5866] ioctl(5, LOOP_SET_FD, 3 [pid 5865] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5867] <... futex resumed>) = 0 [pid 5865] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5867] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5865] <... futex resumed>) = 0 [pid 5867] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5866] <... ioctl resumed>) = 0 [pid 5866] close(3) = 0 [pid 5866] mkdir("./file1", 0777 [pid 5865] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5865] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] <... futex resumed>) = 0 [pid 5867] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 5867] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5865] <... futex resumed>) = 0 [pid 5867] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5866] <... mkdir resumed>) = 0 [pid 5866] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = -1 EINVAL (Invalid argument) [pid 5866] ioctl(5, LOOP_CLR_FD) = 0 [pid 5866] close(5) = 0 [pid 5866] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5865] exit_group(0 [pid 5867] <... futex resumed>) = ? [pid 5866] <... futex resumed>) = ? [pid 5865] <... exit_group resumed>) = ? [pid 5867] +++ exited with 0 +++ [pid 5866] +++ exited with 0 +++ [pid 5865] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5865, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./211", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./211", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./211/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./211/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./211/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./211/bus") = 0 umount2("./211/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./211/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./211/binderfs") = 0 umount2("./211/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./211/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./211/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./211/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./211/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./211") = 0 mkdir("./212", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5868 attached , child_tidptr=0x555556eda690) = 5868 [pid 5868] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5868] chdir("./212") = 0 [pid 5868] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5868] setpgid(0, 0) = 0 [pid 5868] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5868] write(3, "1000", 4) = 4 [ 73.702929][ T5866] loop0: detected capacity change from 0 to 512 [ 73.719534][ T5866] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5868] close(3) = 0 [pid 5868] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5868] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5868] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5868] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5868] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5868] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5868] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5868] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5869 attached [pid 5869] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5869] set_robust_list(0x7f81bb1be9a0, 24 [pid 5868] <... clone3 resumed> => {parent_tid=[5869]}, 88) = 5869 [pid 5869] <... set_robust_list resumed>) = 0 [pid 5869] rt_sigprocmask(SIG_SETMASK, [], [pid 5868] rt_sigprocmask(SIG_SETMASK, [], [pid 5869] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5869] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5868] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5868] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... futex resumed>) = 0 [pid 5868] <... futex resumed>) = 1 [pid 5869] memfd_create("syzkaller", 0 [pid 5868] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5869] <... memfd_create resumed>) = 3 [pid 5868] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5869] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5868] <... mmap resumed>) = 0x7f81bb17d000 [pid 5869] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5868] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5868] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5869] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5868] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5870]}, 88) = 5870 [pid 5868] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5870 attached [pid 5869] <... write resumed>) = 262144 [pid 5870] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5869] munmap(0x7f81b2d7d000, 262144 [pid 5870] <... rseq resumed>) = 0 [pid 5868] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5868] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5868] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5870] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5869] <... munmap resumed>) = 0 [pid 5870] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5869] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5869] ioctl(5, LOOP_SET_FD, 3 [pid 5870] <... open resumed>) = 4 [pid 5870] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... futex resumed>) = 0 [pid 5870] <... futex resumed>) = 1 [pid 5868] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5868] <... futex resumed>) = 0 [pid 5868] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... futex resumed>) = 0 [pid 5868] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... futex resumed>) = 1 [pid 5868] <... futex resumed>) = 0 [pid 5868] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5870] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... futex resumed>) = 0 [pid 5870] <... futex resumed>) = 1 [pid 5870] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5868] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5869] <... ioctl resumed>) = 0 [pid 5868] <... futex resumed>) = 0 [pid 5868] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] close(3) = 0 [pid 5869] mkdir("./file1", 0777) = 0 [pid 5869] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5870] <... write resumed>) = 262144 [pid 5870] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... futex resumed>) = 0 [pid 5870] <... futex resumed>) = 1 [pid 5870] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5869] ioctl(5, LOOP_CLR_FD) = 0 [pid 5869] close(5) = 0 [pid 5869] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] exit_group(0 [pid 5869] <... futex resumed>) = 0 [pid 5868] <... exit_group resumed>) = ? [pid 5869] +++ exited with 0 +++ [pid 5870] <... futex resumed>) = ? [pid 5870] +++ exited with 0 +++ [pid 5868] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5868, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./212", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./212", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./212/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./212/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./212/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./212/bus") = 0 umount2("./212/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./212/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./212/binderfs") = 0 umount2("./212/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./212/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./212/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./212/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./212/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./212") = 0 mkdir("./213", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5871 attached , child_tidptr=0x555556eda690) = 5871 [pid 5871] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5871] chdir("./213") = 0 [pid 5871] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5871] setpgid(0, 0) = 0 [pid 5871] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5871] write(3, "1000", 4) = 4 [pid 5871] close(3) = 0 [pid 5871] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5871] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5871] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5871] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5871] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5871] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5871] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5871] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0} => {parent_tid=[5872]}, 88) = 5872 [pid 5871] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5871] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5871] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5871] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5871] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5871] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 73.777860][ T5869] loop0: detected capacity change from 0 to 512 [ 73.790789][ T5869] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5871] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5873 attached [pid 5873] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5873] set_robust_list(0x7f81bb19d9a0, 24 [pid 5871] <... clone3 resumed> => {parent_tid=[5873]}, 88) = 5873 [pid 5873] <... set_robust_list resumed>) = 0 [pid 5871] rt_sigprocmask(SIG_SETMASK, [], [pid 5873] rt_sigprocmask(SIG_SETMASK, [], [pid 5871] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5873] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5873] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5871] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5871] <... futex resumed>) = 0 [pid 5873] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5871] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5872 attached [pid 5872] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5872] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5873] <... open resumed>) = 3 [pid 5872] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5872] memfd_create("syzkaller", 0 [pid 5873] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5872] <... memfd_create resumed>) = 4 [pid 5871] <... futex resumed>) = 0 [pid 5873] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5872] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5871] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5871] <... futex resumed>) = 0 [pid 5873] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5871] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5873] <... mount resumed>) = 0 [pid 5873] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... futex resumed>) = 0 [pid 5873] <... futex resumed>) = 1 [pid 5872] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5871] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5871] <... futex resumed>) = 0 [pid 5873] <... open resumed>) = 5 [pid 5871] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... futex resumed>) = 0 [pid 5871] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] <... futex resumed>) = 1 [pid 5871] <... futex resumed>) = 0 [pid 5873] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5871] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5872] <... write resumed>) = 262144 [pid 5873] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5873] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5871] <... futex resumed>) = 0 [pid 5872] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5872] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 5872] close(4) = 0 [pid 5872] mkdir("./file1", 0777) = 0 [pid 5872] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5872] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5872] chdir("./file1") = 0 [pid 5872] ioctl(6, LOOP_CLR_FD) = 0 [pid 5872] close(6) = 0 [pid 5872] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5872] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5871] exit_group(0 [pid 5873] <... futex resumed>) = ? [pid 5872] <... futex resumed>) = ? [pid 5871] <... exit_group resumed>) = ? [pid 5873] +++ exited with 0 +++ [pid 5872] +++ exited with 0 +++ [pid 5871] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5871, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./213", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./213", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./213/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./213/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./213/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./213/bus") = 0 umount2("./213/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./213/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./213/binderfs") = 0 umount2("./213/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./213/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./213/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./213/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./213/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./213/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./213") = 0 mkdir("./214", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5876 ./strace-static-x86_64: Process 5876 attached [pid 5876] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5876] chdir("./214") = 0 [pid 5876] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5876] setpgid(0, 0) = 0 [pid 5876] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5876] write(3, "1000", 4) = 4 [pid 5876] close(3) = 0 [pid 5876] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5876] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5876] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5876] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [ 73.851854][ T5872] loop0: detected capacity change from 0 to 512 [ 73.873361][ T5872] EXT4-fs (loop0): 1 orphan inode deleted [ 73.879684][ T5872] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/213/file1 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5876] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5876] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5876] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5876] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0} => {parent_tid=[5877]}, 88) = 5877 [pid 5876] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5877 attached NULL, 8) = 0 [pid 5876] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5876] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5876] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5876] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5876] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5876] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5878 attached [pid 5877] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5878] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5877] <... rseq resumed>) = 0 [pid 5878] <... rseq resumed>) = 0 [pid 5877] set_robust_list(0x7f81bb1be9a0, 24 [pid 5878] set_robust_list(0x7f81bb19d9a0, 24 [pid 5877] <... set_robust_list resumed>) = 0 [pid 5878] <... set_robust_list resumed>) = 0 [pid 5877] rt_sigprocmask(SIG_SETMASK, [], [pid 5878] rt_sigprocmask(SIG_SETMASK, [], [pid 5877] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5878] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5878] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5877] memfd_create("syzkaller", 0 [pid 5876] <... clone3 resumed> => {parent_tid=[5878]}, 88) = 5878 [pid 5876] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5876] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5876] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5878] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5878] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5877] <... memfd_create resumed>) = 3 [pid 5877] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5878] <... open resumed>) = 4 [pid 5878] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5878] <... futex resumed>) = 1 [pid 5876] <... futex resumed>) = 0 [pid 5878] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5876] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5878] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5876] <... futex resumed>) = 0 [pid 5878] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5876] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5878] <... mount resumed>) = 0 [pid 5878] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5876] <... futex resumed>) = 0 [pid 5878] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5877] <... write resumed>) = 262144 [pid 5876] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5878] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5877] munmap(0x7f81b2d7d000, 262144 [pid 5876] <... futex resumed>) = 0 [pid 5878] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5877] <... munmap resumed>) = 0 [pid 5877] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5876] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5878] <... open resumed>) = 5 [pid 5877] <... openat resumed>) = 6 [pid 5878] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] ioctl(6, LOOP_SET_FD, 3 [pid 5878] <... futex resumed>) = 0 [pid 5877] <... ioctl resumed>) = 0 [pid 5876] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5878] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5876] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5878] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5876] <... futex resumed>) = 0 [pid 5878] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5876] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5877] close(3) = 0 [pid 5877] mkdir("./file1", 0777) = 0 [pid 5877] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5878] <... write resumed>) = 262144 [pid 5878] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5876] <... futex resumed>) = 0 [pid 5878] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5877] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5877] ioctl(6, LOOP_CLR_FD) = 0 [pid 5877] close(6) = 0 [pid 5877] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5877] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5876] exit_group(0 [pid 5878] <... futex resumed>) = ? [pid 5876] <... exit_group resumed>) = ? [pid 5878] +++ exited with 0 +++ [pid 5877] <... futex resumed>) = ? [pid 5877] +++ exited with 0 +++ [pid 5876] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5876, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./214", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./214", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./214/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./214/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./214/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./214/bus") = 0 umount2("./214/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./214/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./214/binderfs") = 0 umount2("./214/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./214/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./214/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./214/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./214/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./214") = 0 mkdir("./215", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5879 attached , child_tidptr=0x555556eda690) = 5879 [pid 5879] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5879] chdir("./215") = 0 [pid 5879] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5879] setpgid(0, 0) = 0 [pid 5879] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 73.948427][ T5877] loop0: detected capacity change from 0 to 512 [ 73.962239][ T5877] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5879] write(3, "1000", 4) = 4 [pid 5879] close(3) = 0 [pid 5879] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5879] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5879] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5879] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5879] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5879] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5879] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5879] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0} => {parent_tid=[5880]}, 88) = 5880 [pid 5879] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5880 attached [pid 5880] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5879] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5880] <... rseq resumed>) = 0 [pid 5880] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5880] rt_sigprocmask(SIG_SETMASK, [], [pid 5879] <... futex resumed>) = 0 [pid 5879] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5880] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5879] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5880] memfd_create("syzkaller", 0) = 3 [pid 5879] <... mmap resumed>) = 0x7f81bb17d000 [pid 5880] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5880] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5880] munmap(0x7f81b2d7d000, 262144) = 0 [pid 5880] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5880] ioctl(4, LOOP_SET_FD, 3 [pid 5879] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5880] <... ioctl resumed>) = 0 [pid 5880] close(3) = 0 [pid 5879] <... mprotect resumed>) = 0 [pid 5880] mkdir("./file1", 0777 [pid 5879] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5879] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5881 attached => {parent_tid=[5881]}, 88) = 5881 [pid 5879] rt_sigprocmask(SIG_SETMASK, [], [pid 5881] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5879] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5879] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5881] <... rseq resumed>) = 0 [pid 5879] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5881] set_robust_list(0x7f81bb19d9a0, 24 [pid 5880] <... mkdir resumed>) = 0 [pid 5881] <... set_robust_list resumed>) = 0 [pid 5881] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5881] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5880] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5881] <... open resumed>) = 3 [pid 5881] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5879] <... futex resumed>) = 0 [pid 5881] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5879] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5879] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5881] <... mount resumed>) = 0 [pid 5881] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5879] <... futex resumed>) = 0 [pid 5879] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5881] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5879] <... futex resumed>) = 0 [pid 5879] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5881] <... open resumed>) = 5 [pid 5881] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5879] <... futex resumed>) = 0 [pid 5881] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5879] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5881] <... futex resumed>) = 0 [pid 5879] <... futex resumed>) = 1 [pid 5881] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5879] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5881] <... write resumed>) = 262144 [pid 5881] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5879] <... futex resumed>) = 0 [pid 5881] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5880] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5880] ioctl(4, LOOP_CLR_FD) = 0 [pid 5880] close(4) = 0 [pid 5880] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5880] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5879] exit_group(0 [pid 5881] <... futex resumed>) = ? [pid 5879] <... exit_group resumed>) = ? [pid 5880] <... futex resumed>) = ? [pid 5880] +++ exited with 0 +++ [pid 5881] +++ exited with 0 +++ [pid 5879] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5879, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./215", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./215", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./215/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./215/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./215/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./215/bus") = 0 umount2("./215/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./215/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./215/binderfs") = 0 umount2("./215/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./215/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./215/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./215/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./215/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./215") = 0 mkdir("./216", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5882 ./strace-static-x86_64: Process 5882 attached [pid 5882] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5882] chdir("./216") = 0 [pid 5882] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5882] setpgid(0, 0) = 0 [ 74.033789][ T5880] loop0: detected capacity change from 0 to 512 [ 74.055823][ T5880] EXT4-fs warning (device loop0): read_mmp_block:115: Error -117 while reading MMP block 8 [pid 5882] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5882] write(3, "1000", 4) = 4 [pid 5882] close(3) = 0 [pid 5882] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5882] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5882] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5882] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5882] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5882] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5882] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5882] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5883 attached => {parent_tid=[5883]}, 88) = 5883 [pid 5883] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5882] rt_sigprocmask(SIG_SETMASK, [], [pid 5883] <... rseq resumed>) = 0 [pid 5882] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5883] set_robust_list(0x7f81bb1be9a0, 24 [pid 5882] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5883] <... set_robust_list resumed>) = 0 [pid 5882] <... futex resumed>) = 0 [pid 5883] rt_sigprocmask(SIG_SETMASK, [], [pid 5882] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5883] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5882] <... futex resumed>) = 0 [pid 5883] memfd_create("syzkaller", 0 [pid 5882] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5883] <... memfd_create resumed>) = 3 [pid 5882] <... mmap resumed>) = 0x7f81bb17d000 [pid 5883] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5882] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5883] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5882] <... mprotect resumed>) = 0 [pid 5882] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5882] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5884 attached [pid 5884] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5882] <... clone3 resumed> => {parent_tid=[5884]}, 88) = 5884 [pid 5884] <... rseq resumed>) = 0 [pid 5883] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5882] rt_sigprocmask(SIG_SETMASK, [], [pid 5884] set_robust_list(0x7f81bb19d9a0, 24 [pid 5882] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5884] <... set_robust_list resumed>) = 0 [pid 5882] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5884] rt_sigprocmask(SIG_SETMASK, [], [pid 5882] <... futex resumed>) = 0 [pid 5884] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5882] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5884] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5883] <... write resumed>) = 262144 [pid 5883] munmap(0x7f81b2d7d000, 262144 [pid 5884] <... open resumed>) = 4 [pid 5883] <... munmap resumed>) = 0 [pid 5884] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] <... futex resumed>) = 0 [pid 5884] <... futex resumed>) = 1 [pid 5882] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5884] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5882] <... futex resumed>) = 0 [pid 5884] <... mount resumed>) = 0 [pid 5883] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5882] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5884] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] <... futex resumed>) = 0 [pid 5882] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5882] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5884] <... futex resumed>) = 1 [pid 5884] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5883] <... openat resumed>) = 6 [pid 5884] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5883] ioctl(6, LOOP_SET_FD, 3 [pid 5882] <... futex resumed>) = 0 [pid 5884] <... futex resumed>) = 1 [pid 5882] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5884] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5882] <... futex resumed>) = 0 [pid 5884] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5882] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5884] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5884] <... futex resumed>) = 0 [pid 5884] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5883] <... ioctl resumed>) = 0 [pid 5883] close(3) = 0 [pid 5883] mkdir("./file1", 0777) = 0 [pid 5883] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5883] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5883] chdir("./file1") = 0 [pid 5883] ioctl(6, LOOP_CLR_FD) = 0 [pid 5883] close(6) = 0 [pid 5883] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5883] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5882] exit_group(0 [pid 5883] <... futex resumed>) = ? [pid 5882] <... exit_group resumed>) = ? [pid 5883] +++ exited with 0 +++ [pid 5884] <... futex resumed>) = ? [pid 5884] +++ exited with 0 +++ [pid 5882] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5882, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./216", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./216", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./216/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./216/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./216/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./216/bus") = 0 umount2("./216/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./216/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./216/binderfs") = 0 umount2("./216/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./216/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./216/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./216/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./216/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./216/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./216") = 0 mkdir("./217", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 74.132830][ T5883] loop0: detected capacity change from 0 to 512 [ 74.148379][ T5883] EXT4-fs (loop0): 1 orphan inode deleted [ 74.154357][ T5883] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/216/file1 supports timestamps until 2038-01-19 (0x7fffffff) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5887 attached , child_tidptr=0x555556eda690) = 5887 [pid 5887] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5887] chdir("./217") = 0 [pid 5887] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5887] setpgid(0, 0) = 0 [pid 5887] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5887] write(3, "1000", 4) = 4 [pid 5887] close(3) = 0 [pid 5887] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5887] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5887] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5887] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5887] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5887] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5887] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5887] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0} => {parent_tid=[5888]}, 88) = 5888 [pid 5887] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5887] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5887] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5887] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5887] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5887] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5887] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5889 attached [pid 5889] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5887] <... clone3 resumed> => {parent_tid=[5889]}, 88) = 5889 [pid 5889] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5887] rt_sigprocmask(SIG_SETMASK, [], [pid 5889] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5887] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5887] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5889] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5887] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5888 attached [pid 5887] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5888] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5888] set_robust_list(0x7f81bb1be9a0, 24 [pid 5889] <... open resumed>) = 3 [pid 5888] <... set_robust_list resumed>) = 0 [pid 5889] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5888] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5888] memfd_create("syzkaller", 0 [pid 5889] <... futex resumed>) = 1 [pid 5888] <... memfd_create resumed>) = 4 [pid 5887] <... futex resumed>) = 0 [pid 5888] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5889] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5887] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5888] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5887] <... futex resumed>) = 0 [pid 5887] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5889] <... mount resumed>) = 0 [pid 5889] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5888] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5889] <... futex resumed>) = 1 [pid 5887] <... futex resumed>) = 0 [pid 5889] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5887] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5889] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5889] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5887] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5889] <... open resumed>) = 5 [pid 5889] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5887] <... futex resumed>) = 0 [pid 5889] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5887] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5889] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5888] <... write resumed>) = 262144 [pid 5887] <... futex resumed>) = 0 [pid 5889] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5888] munmap(0x7f81b2d7d000, 262144 [pid 5887] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5889] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5887] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5889] <... futex resumed>) = 0 [pid 5889] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5888] <... munmap resumed>) = 0 [pid 5888] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5888] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 5888] close(4) = 0 [pid 5888] mkdir("./file1", 0777) = 0 [pid 5888] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5888] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5888] chdir("./file1") = 0 [pid 5888] ioctl(6, LOOP_CLR_FD) = 0 [pid 5888] close(6) = 0 [pid 5888] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5888] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5887] exit_group(0 [pid 5888] <... futex resumed>) = ? [pid 5889] <... futex resumed>) = ? [pid 5888] +++ exited with 0 +++ [pid 5889] +++ exited with 0 +++ [pid 5887] <... exit_group resumed>) = ? [pid 5887] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5887, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./217", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./217", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./217/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./217/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./217/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./217/bus") = 0 umount2("./217/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./217/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./217/binderfs") = 0 umount2("./217/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./217/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./217/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./217/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./217/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./217/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./217") = 0 mkdir("./218", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5892 attached [ 74.243413][ T5888] loop0: detected capacity change from 0 to 512 [ 74.258006][ T5888] EXT4-fs (loop0): 1 orphan inode deleted [ 74.263831][ T5888] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/217/file1 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5892] set_robust_list(0x555556eda6a0, 24 [pid 5024] <... clone resumed>, child_tidptr=0x555556eda690) = 5892 [pid 5892] <... set_robust_list resumed>) = 0 [pid 5892] chdir("./218") = 0 [pid 5892] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5892] setpgid(0, 0) = 0 [pid 5892] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5892] write(3, "1000", 4) = 4 [pid 5892] close(3) = 0 [pid 5892] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5892] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5892] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5892] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5892] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5892] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5892] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5892] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5893 attached [pid 5893] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5892] <... clone3 resumed> => {parent_tid=[5893]}, 88) = 5893 [pid 5893] <... rseq resumed>) = 0 [pid 5893] set_robust_list(0x7f81bb1be9a0, 24 [pid 5892] rt_sigprocmask(SIG_SETMASK, [], [pid 5893] <... set_robust_list resumed>) = 0 [pid 5892] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5893] rt_sigprocmask(SIG_SETMASK, [], [pid 5892] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5893] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5892] <... futex resumed>) = 0 [pid 5893] memfd_create("syzkaller", 0 [pid 5892] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5893] <... memfd_create resumed>) = 3 [pid 5893] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d9e000 [pid 5893] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5892] <... futex resumed>) = 0 [pid 5892] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81b2d7d000 [pid 5892] mprotect(0x7f81b2d7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5892] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5892] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81b2d9d990, parent_tid=0x7f81b2d9d990, exit_signal=0, stack=0x7f81b2d7d000, stack_size=0x20300, tls=0x7f81b2d9d6c0}./strace-static-x86_64: Process 5894 attached [pid 5894] rseq(0x7f81b2d9dfe0, 0x20, 0, 0x53053053 [pid 5892] <... clone3 resumed> => {parent_tid=[5894]}, 88) = 5894 [pid 5894] <... rseq resumed>) = 0 [pid 5892] rt_sigprocmask(SIG_SETMASK, [], [pid 5894] set_robust_list(0x7f81b2d9d9a0, 24 [pid 5893] <... write resumed>) = 262144 [pid 5892] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5894] <... set_robust_list resumed>) = 0 [pid 5893] munmap(0x7f81b2d9e000, 262144 [pid 5894] rt_sigprocmask(SIG_SETMASK, [], [pid 5892] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5894] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5892] <... futex resumed>) = 0 [pid 5894] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5892] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5893] <... munmap resumed>) = 0 [pid 5893] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5893] ioctl(4, LOOP_SET_FD, 3 [pid 5894] <... open resumed>) = 5 [pid 5893] <... ioctl resumed>) = 0 [pid 5893] close(3) = 0 [pid 5893] mkdir("./file1", 0777 [pid 5894] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5892] <... futex resumed>) = 0 [pid 5894] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5892] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5894] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5892] <... futex resumed>) = 0 [pid 5894] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5892] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5894] <... mount resumed>) = 0 [pid 5894] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5892] <... futex resumed>) = 0 [pid 5894] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5892] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5894] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5892] <... futex resumed>) = 0 [pid 5893] <... mkdir resumed>) = 0 [pid 5893] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5894] <... open resumed>) = 3 [pid 5892] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5894] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5892] <... futex resumed>) = 0 [pid 5894] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5892] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5892] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5894] <... write resumed>) = 262144 [pid 5894] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5892] <... futex resumed>) = 0 [pid 5894] <... futex resumed>) = 1 [pid 5894] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5893] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5893] ioctl(4, LOOP_CLR_FD) = 0 [pid 5893] close(4) = 0 [pid 5893] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5892] exit_group(0 [pid 5893] <... futex resumed>) = 0 [pid 5893] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5894] <... futex resumed>) = ? [pid 5893] <... futex resumed>) = ? [pid 5892] <... exit_group resumed>) = ? [pid 5894] +++ exited with 0 +++ [pid 5893] +++ exited with 0 +++ [pid 5892] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5892, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./218", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./218", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./218/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./218/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./218/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./218/bus") = 0 umount2("./218/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./218/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./218/binderfs") = 0 umount2("./218/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./218/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./218/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./218/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./218/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./218") = 0 mkdir("./219", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5895 attached , child_tidptr=0x555556eda690) = 5895 [pid 5895] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5895] chdir("./219") = 0 [pid 5895] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5895] setpgid(0, 0) = 0 [pid 5895] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5895] write(3, "1000", 4) = 4 [pid 5895] close(3) = 0 [pid 5895] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5895] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5895] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5895] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5895] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5895] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5895] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5895] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5896 attached [pid 5896] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053) = 0 [pid 5896] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5896] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5896] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5895] <... clone3 resumed> => {parent_tid=[5896]}, 88) = 5896 [pid 5895] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5895] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5896] <... futex resumed>) = 0 [pid 5895] <... futex resumed>) = 1 [pid 5896] memfd_create("syzkaller", 0 [pid 5895] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5896] <... memfd_create resumed>) = 3 [pid 5896] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5895] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5896] <... mmap resumed>) = 0x7f81b2d9e000 [pid 5895] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5895] mprotect(0x7f81b2d7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5895] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5895] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81b2d9d990, parent_tid=0x7f81b2d9d990, exit_signal=0, stack=0x7f81b2d7d000, stack_size=0x20300, tls=0x7f81b2d9d6c0} [pid 5896] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 5897 attached [pid 5895] <... clone3 resumed> => {parent_tid=[5897]}, 88) = 5897 [pid 5897] rseq(0x7f81b2d9dfe0, 0x20, 0, 0x53053053) = 0 [pid 5895] rt_sigprocmask(SIG_SETMASK, [], [pid 5897] set_robust_list(0x7f81b2d9d9a0, 24) = 0 [pid 5895] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5897] rt_sigprocmask(SIG_SETMASK, [], [pid 5895] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5897] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5895] <... futex resumed>) = 0 [pid 5897] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5896] <... write resumed>) = 262144 [pid 5895] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5896] munmap(0x7f81b2d9e000, 262144 [pid 5897] <... open resumed>) = 4 [pid 5896] <... munmap resumed>) = 0 [pid 5897] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5896] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5897] <... futex resumed>) = 1 [pid 5896] <... openat resumed>) = 5 [pid 5895] <... futex resumed>) = 0 [pid 5897] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5896] ioctl(5, LOOP_SET_FD, 3 [ 74.348390][ T5893] loop0: detected capacity change from 0 to 512 [ 74.365263][ T5893] EXT4-fs warning (device loop0): read_mmp_block:115: Error -117 while reading MMP block 8 [pid 5895] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5897] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5897] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5897] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 5897] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5895] <... futex resumed>) = 1 [pid 5895] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5895] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5897] <... futex resumed>) = 0 [pid 5897] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5897] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5897] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5895] <... futex resumed>) = 1 [pid 5895] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5895] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5897] <... futex resumed>) = 0 [pid 5896] <... ioctl resumed>) = 0 [pid 5897] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5896] close(3 [pid 5895] <... futex resumed>) = 1 [pid 5895] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5896] <... close resumed>) = 0 [pid 5896] mkdir("./file1", 0777) = 0 [pid 5896] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5897] <... write resumed>) = 262144 [pid 5897] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] <... futex resumed>) = 0 [pid 5897] <... futex resumed>) = 1 [pid 5897] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5896] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5896] ioctl(5, LOOP_CLR_FD) = 0 [pid 5896] close(5) = 0 [pid 5896] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5896] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5895] exit_group(0) = ? [pid 5896] <... futex resumed>) = ? [pid 5897] <... futex resumed>) = ? [pid 5897] +++ exited with 0 +++ [pid 5896] +++ exited with 0 +++ [pid 5895] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5895, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./219", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./219", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./219/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./219/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./219/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./219/bus") = 0 umount2("./219/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./219/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./219/binderfs") = 0 umount2("./219/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./219/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./219/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./219/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./219/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./219") = 0 mkdir("./220", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5898 attached , child_tidptr=0x555556eda690) = 5898 [pid 5898] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5898] chdir("./220") = 0 [pid 5898] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5898] setpgid(0, 0) = 0 [pid 5898] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5898] write(3, "1000", 4) = 4 [pid 5898] close(3) = 0 [pid 5898] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5898] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5898] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5898] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5898] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5898] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5898] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5898] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5899 attached [pid 5899] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5898] <... clone3 resumed> => {parent_tid=[5899]}, 88) = 5899 [pid 5899] <... rseq resumed>) = 0 [pid 5898] rt_sigprocmask(SIG_SETMASK, [], [pid 5899] set_robust_list(0x7f81bb1be9a0, 24 [pid 5898] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5899] <... set_robust_list resumed>) = 0 [pid 5898] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5899] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5898] <... futex resumed>) = 0 [pid 5899] memfd_create("syzkaller", 0 [pid 5898] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5898] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5899] <... memfd_create resumed>) = 3 [pid 5898] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5899] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5898] <... mprotect resumed>) = 0 [pid 5899] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5898] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5898] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5900 attached => {parent_tid=[5900]}, 88) = 5900 [pid 5898] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5898] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5900] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5898] <... futex resumed>) = 0 [pid 5900] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5898] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5900] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5900] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [ 74.420889][ T5896] loop0: detected capacity change from 0 to 512 [ 74.435778][ T5896] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5900] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5899] <... write resumed>) = 262144 [pid 5898] <... futex resumed>) = 0 [pid 5900] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5898] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5900] <... futex resumed>) = 0 [pid 5898] <... futex resumed>) = 1 [pid 5898] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5900] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5899] munmap(0x7f81b2d7d000, 262144 [pid 5900] <... mount resumed>) = 0 [pid 5899] <... munmap resumed>) = 0 [pid 5899] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5900] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5899] ioctl(5, LOOP_SET_FD, 3 [pid 5900] <... futex resumed>) = 1 [pid 5898] <... futex resumed>) = 0 [pid 5900] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5898] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5898] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5900] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5900] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5900] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5899] <... ioctl resumed>) = 0 [pid 5900] <... futex resumed>) = 1 [pid 5898] <... futex resumed>) = 0 [pid 5900] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5898] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5900] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5900] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5898] <... futex resumed>) = 0 [pid 5898] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5899] close(3) = 0 [pid 5899] mkdir("./file1", 0777) = 0 [pid 5899] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5900] <... write resumed>) = 262144 [pid 5900] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5898] <... futex resumed>) = 0 [pid 5900] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5899] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5899] ioctl(5, LOOP_CLR_FD) = 0 [pid 5899] close(5) = 0 [pid 5899] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5899] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5898] exit_group(0 [pid 5900] <... futex resumed>) = ? [pid 5898] <... exit_group resumed>) = ? [pid 5899] <... futex resumed>) = ? [pid 5900] +++ exited with 0 +++ [pid 5899] +++ exited with 0 +++ [pid 5898] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5898, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./220", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./220", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./220/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./220/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./220/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./220/bus") = 0 umount2("./220/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./220/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./220/binderfs") = 0 umount2("./220/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./220/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./220/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./220/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./220/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./220") = 0 mkdir("./221", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5901 attached , child_tidptr=0x555556eda690) = 5901 [pid 5901] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5901] chdir("./221") = 0 [pid 5901] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5901] setpgid(0, 0) = 0 [pid 5901] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5901] write(3, "1000", 4) = 4 [pid 5901] close(3) = 0 [pid 5901] symlink("/dev/binderfs", "./binderfs") = 0 [ 74.485010][ T5899] loop0: detected capacity change from 0 to 512 [ 74.499184][ T5899] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5901] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5901] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5901] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5901] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5901] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5901] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5901] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5902 attached => {parent_tid=[5902]}, 88) = 5902 [pid 5902] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5901] rt_sigprocmask(SIG_SETMASK, [], [pid 5902] <... rseq resumed>) = 0 [pid 5901] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5902] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5901] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5902] rt_sigprocmask(SIG_SETMASK, [], [pid 5901] <... futex resumed>) = 0 [pid 5902] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5901] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5902] memfd_create("syzkaller", 0 [pid 5901] <... futex resumed>) = 0 [pid 5901] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5902] <... memfd_create resumed>) = 3 [pid 5901] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5902] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5901] <... mprotect resumed>) = 0 [pid 5902] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5901] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5901] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5903]}, 88) = 5903 [pid 5901] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5901] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5901] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5903 attached [pid 5902] <... write resumed>) = 262144 [pid 5903] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5903] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5903] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5903] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5902] munmap(0x7f81b2d7d000, 262144 [pid 5903] <... open resumed>) = 4 [pid 5902] <... munmap resumed>) = 0 [pid 5903] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5901] <... futex resumed>) = 0 [pid 5903] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5901] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5903] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5901] <... futex resumed>) = 0 [pid 5903] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5901] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5902] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5903] <... mount resumed>) = 0 [pid 5902] <... openat resumed>) = 5 [pid 5903] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5902] ioctl(5, LOOP_SET_FD, 3 [pid 5903] <... futex resumed>) = 1 [pid 5901] <... futex resumed>) = 0 [pid 5901] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5901] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5903] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5903] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5901] <... futex resumed>) = 0 [pid 5901] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5901] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5903] <... futex resumed>) = 1 [pid 5903] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5902] <... ioctl resumed>) = 0 [pid 5902] close(3) = 0 [pid 5902] mkdir("./file1", 0777) = 0 [pid 5902] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5903] <... write resumed>) = -1 EIO (Input/output error) [pid 5903] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5903] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5901] <... futex resumed>) = 0 [pid 5902] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5902] ioctl(5, LOOP_CLR_FD) = 0 [pid 5902] close(5) = 0 [pid 5902] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5901] exit_group(0 [pid 5903] <... futex resumed>) = ? [pid 5901] <... exit_group resumed>) = ? [pid 5903] +++ exited with 0 +++ [pid 5902] +++ exited with 0 +++ [pid 5901] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5901, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./221", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./221", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./221/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./221/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./221/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./221/bus") = 0 umount2("./221/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./221/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./221/binderfs") = 0 umount2("./221/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./221/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./221/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./221/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./221/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./221") = 0 mkdir("./222", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5904 attached , child_tidptr=0x555556eda690) = 5904 [pid 5904] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5904] chdir("./222") = 0 [pid 5904] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5904] setpgid(0, 0) = 0 [pid 5904] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5904] write(3, "1000", 4) = 4 [pid 5904] close(3) = 0 [ 74.563081][ T5902] loop0: detected capacity change from 0 to 512 [ 74.568992][ T5903] blk_print_req_error: 76 callbacks suppressed [ 74.569005][ T5903] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 74.585828][ T5903] buffer_io_error: 76 callbacks suppressed [ 74.585840][ T5903] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 74.604535][ T5902] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5904] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5904] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5904] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5904] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5904] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5904] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5904] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5904] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5905 attached [pid 5905] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5904] <... clone3 resumed> => {parent_tid=[5905]}, 88) = 5905 [pid 5905] <... rseq resumed>) = 0 [pid 5904] rt_sigprocmask(SIG_SETMASK, [], [pid 5905] set_robust_list(0x7f81bb1be9a0, 24) = 0 [pid 5904] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5905] rt_sigprocmask(SIG_SETMASK, [], [pid 5904] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5905] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5904] <... futex resumed>) = 0 [pid 5904] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5905] memfd_create("syzkaller", 0 [pid 5904] <... futex resumed>) = 0 [pid 5904] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5904] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5905] <... memfd_create resumed>) = 3 [pid 5905] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5904] <... mprotect resumed>) = 0 [pid 5904] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5905] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5904] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5904] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5906 attached [pid 5906] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5904] <... clone3 resumed> => {parent_tid=[5906]}, 88) = 5906 [pid 5906] <... rseq resumed>) = 0 [pid 5904] rt_sigprocmask(SIG_SETMASK, [], [pid 5906] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5904] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5906] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5904] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5906] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5904] <... futex resumed>) = 0 [pid 5906] <... open resumed>) = 4 [pid 5905] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5904] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5906] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5904] <... futex resumed>) = 0 [pid 5904] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5904] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5906] <... futex resumed>) = 1 [pid 5906] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5906] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5904] <... futex resumed>) = 0 [pid 5904] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5904] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5906] <... futex resumed>) = 1 [pid 5906] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5906] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5904] <... futex resumed>) = 0 [pid 5904] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5904] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5906] <... futex resumed>) = 1 [pid 5905] <... write resumed>) = 262144 [pid 5906] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5906] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5904] <... futex resumed>) = 0 [pid 5906] <... futex resumed>) = 1 [pid 5905] munmap(0x7f81b2d7d000, 262144 [pid 5906] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5905] <... munmap resumed>) = 0 [pid 5905] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5905] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5905] close(3) = 0 [pid 5905] mkdir("./file1", 0777) = 0 [pid 5905] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"...) = 0 [pid 5905] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5905] chdir("./file1") = 0 [pid 5905] ioctl(6, LOOP_CLR_FD) = 0 [pid 5905] close(6) = 0 [pid 5905] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5905] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5904] exit_group(0 [pid 5905] <... futex resumed>) = ? [pid 5904] <... exit_group resumed>) = ? [pid 5905] +++ exited with 0 +++ [pid 5906] <... futex resumed>) = ? [pid 5906] +++ exited with 0 +++ [pid 5904] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5904, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./222", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./222", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./222/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./222/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./222/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./222/bus") = 0 umount2("./222/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./222/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./222/binderfs") = 0 umount2("./222/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./222/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./222/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./222/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./222/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./222/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./222") = 0 mkdir("./223", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 74.660348][ T5905] loop0: detected capacity change from 0 to 512 [ 74.687822][ T5905] EXT4-fs (loop0): 1 orphan inode deleted [ 74.693771][ T5905] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/222/file1 supports timestamps until 2038-01-19 (0x7fffffff) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5909 ./strace-static-x86_64: Process 5909 attached [pid 5909] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5909] chdir("./223") = 0 [pid 5909] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5909] setpgid(0, 0) = 0 [pid 5909] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5909] write(3, "1000", 4) = 4 [pid 5909] close(3) = 0 [pid 5909] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5909] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5909] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5909] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5909] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5909] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5909] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5909] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5910 attached => {parent_tid=[5910]}, 88) = 5910 [pid 5910] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5909] rt_sigprocmask(SIG_SETMASK, [], [pid 5910] <... rseq resumed>) = 0 [pid 5909] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5910] set_robust_list(0x7f81bb1be9a0, 24 [pid 5909] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5910] <... set_robust_list resumed>) = 0 [pid 5909] <... futex resumed>) = 0 [pid 5910] rt_sigprocmask(SIG_SETMASK, [], [pid 5909] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5910] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5909] <... futex resumed>) = 0 [pid 5909] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5910] memfd_create("syzkaller", 0 [pid 5909] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5910] <... memfd_create resumed>) = 3 [pid 5909] <... mprotect resumed>) = 0 [pid 5910] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5909] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5909] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5911 attached [pid 5911] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5911] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5911] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5911] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5909] <... clone3 resumed> => {parent_tid=[5911]}, 88) = 5911 [pid 5910] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5909] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5909] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5911] <... futex resumed>) = 0 [pid 5909] <... futex resumed>) = 1 [pid 5911] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5909] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5911] <... open resumed>) = 4 [pid 5910] <... write resumed>) = 262144 [pid 5910] munmap(0x7f81b2d7d000, 262144 [pid 5911] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5910] <... munmap resumed>) = 0 [pid 5910] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5909] <... futex resumed>) = 0 [pid 5909] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5909] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5910] <... openat resumed>) = 5 [pid 5910] ioctl(5, LOOP_SET_FD, 3 [pid 5911] <... futex resumed>) = 1 [pid 5911] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5911] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5911] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5909] <... futex resumed>) = 0 [pid 5909] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5911] <... futex resumed>) = 0 [pid 5909] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5911] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5911] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5909] <... futex resumed>) = 0 [pid 5909] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5911] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5909] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5910] <... ioctl resumed>) = 0 [pid 5910] close(3) = 0 [pid 5910] mkdir("./file1", 0777) = 0 [pid 5910] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5911] <... write resumed>) = -1 EIO (Input/output error) [pid 5911] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5909] <... futex resumed>) = 0 [pid 5911] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5910] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5910] ioctl(5, LOOP_CLR_FD) = 0 [pid 5910] close(5) = 0 [pid 5910] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5910] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5909] exit_group(0 [pid 5911] <... futex resumed>) = ? [pid 5910] <... futex resumed>) = ? [pid 5909] <... exit_group resumed>) = ? [pid 5911] +++ exited with 0 +++ [pid 5910] +++ exited with 0 +++ [pid 5909] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5909, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./223", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./223", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./223/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./223/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./223/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./223/bus") = 0 umount2("./223/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./223/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./223/binderfs") = 0 umount2("./223/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./223/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./223/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./223/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./223/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./223") = 0 mkdir("./224", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5912 attached , child_tidptr=0x555556eda690) = 5912 [pid 5912] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5912] chdir("./224") = 0 [pid 5912] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5912] setpgid(0, 0) = 0 [pid 5912] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5912] write(3, "1000", 4) = 4 [pid 5912] close(3) = 0 [pid 5912] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5912] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5912] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5912] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5912] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5912] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5912] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5912] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5913 attached => {parent_tid=[5913]}, 88) = 5913 [pid 5913] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5912] rt_sigprocmask(SIG_SETMASK, [], [pid 5913] <... rseq resumed>) = 0 [pid 5913] set_robust_list(0x7f81bb1be9a0, 24 [pid 5912] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5912] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5913] <... set_robust_list resumed>) = 0 [pid 5912] <... futex resumed>) = 0 [pid 5913] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5913] memfd_create("syzkaller", 0 [pid 5912] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5913] <... memfd_create resumed>) = 3 [pid 5912] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb17d000 [pid 5913] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [ 74.762303][ T5910] loop0: detected capacity change from 0 to 512 [ 74.769762][ T5911] I/O error, dev loop0, sector 248 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 74.780588][ T5911] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 74.792198][ T5910] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5912] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE [pid 5913] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5912] <... mprotect resumed>) = 0 [pid 5913] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5912] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5912] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5914 attached [pid 5914] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5912] <... clone3 resumed> => {parent_tid=[5914]}, 88) = 5914 [pid 5914] <... rseq resumed>) = 0 [pid 5912] rt_sigprocmask(SIG_SETMASK, [], [pid 5914] set_robust_list(0x7f81bb19d9a0, 24 [pid 5912] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5914] <... set_robust_list resumed>) = 0 [pid 5912] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5914] rt_sigprocmask(SIG_SETMASK, [], [pid 5912] <... futex resumed>) = 0 [pid 5914] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5912] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5914] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5913] <... write resumed>) = 262144 [pid 5914] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5913] munmap(0x7f81b2d7d000, 262144 [pid 5914] <... futex resumed>) = 1 [pid 5912] <... futex resumed>) = 0 [pid 5914] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5913] <... munmap resumed>) = 0 [pid 5912] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5913] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5914] <... futex resumed>) = 0 [pid 5912] <... futex resumed>) = 1 [pid 5914] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5913] <... openat resumed>) = 5 [pid 5912] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5913] ioctl(5, LOOP_SET_FD, 3 [pid 5914] <... mount resumed>) = 0 [pid 5914] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5914] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5912] <... futex resumed>) = 0 [pid 5912] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5914] <... futex resumed>) = 0 [pid 5912] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5914] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5914] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5912] <... futex resumed>) = 0 [pid 5914] <... futex resumed>) = 1 [pid 5912] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5914] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5912] <... futex resumed>) = 0 [pid 5912] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5913] <... ioctl resumed>) = 0 [pid 5913] close(3) = 0 [pid 5913] mkdir("./file1", 0777) = 0 [pid 5913] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5914] <... write resumed>) = 262144 [pid 5914] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5912] <... futex resumed>) = 0 [pid 5914] <... futex resumed>) = 1 [pid 5914] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5913] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5913] ioctl(5, LOOP_CLR_FD) = 0 [pid 5913] close(5) = 0 [pid 5913] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5913] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5912] exit_group(0) = ? [pid 5914] <... futex resumed>) = ? [pid 5914] +++ exited with 0 +++ [pid 5913] <... futex resumed>) = ? [pid 5913] +++ exited with 0 +++ [pid 5912] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5912, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./224", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./224", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./224/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./224/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./224/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./224/bus") = 0 umount2("./224/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./224/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./224/binderfs") = 0 umount2("./224/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./224/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./224/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./224/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./224/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./224") = 0 mkdir("./225", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5915 ./strace-static-x86_64: Process 5915 attached [pid 5915] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5915] chdir("./225") = 0 [pid 5915] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5915] setpgid(0, 0) = 0 [pid 5915] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5915] write(3, "1000", 4) = 4 [ 74.849921][ T5913] loop0: detected capacity change from 0 to 512 [ 74.865125][ T5913] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 5915] close(3) = 0 [pid 5915] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5915] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5915] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5915] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5915] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5915] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5915] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5915] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5916 attached [pid 5916] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5915] <... clone3 resumed> => {parent_tid=[5916]}, 88) = 5916 [pid 5916] <... rseq resumed>) = 0 [pid 5916] set_robust_list(0x7f81bb1be9a0, 24 [pid 5915] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5916] <... set_robust_list resumed>) = 0 [pid 5916] rt_sigprocmask(SIG_SETMASK, [], [pid 5915] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5916] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5916] memfd_create("syzkaller", 0 [pid 5915] <... futex resumed>) = 0 [pid 5916] <... memfd_create resumed>) = 3 [pid 5915] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5916] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5915] <... futex resumed>) = 0 [pid 5915] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81b2d7d000 [pid 5916] <... mmap resumed>) = 0x7f81b2d9e000 [pid 5916] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5915] mprotect(0x7f81b2d7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5915] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5916] <... write resumed>) = 262144 [pid 5915] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81b2d9d990, parent_tid=0x7f81b2d9d990, exit_signal=0, stack=0x7f81b2d7d000, stack_size=0x20300, tls=0x7f81b2d9d6c0} [pid 5916] munmap(0x7f81b2d9e000, 262144 [pid 5915] <... clone3 resumed> => {parent_tid=[5917]}, 88) = 5917 [pid 5915] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5917 attached [pid 5917] rseq(0x7f81b2d9dfe0, 0x20, 0, 0x53053053) = 0 [pid 5915] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5917] set_robust_list(0x7f81b2d9d9a0, 24 [pid 5915] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5916] <... munmap resumed>) = 0 [pid 5917] <... set_robust_list resumed>) = 0 [pid 5917] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5917] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5916] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5915] <... futex resumed>) = 0 [pid 5917] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5916] <... openat resumed>) = 5 [pid 5917] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5916] ioctl(5, LOOP_SET_FD, 3 [pid 5915] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5915] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5917] <... futex resumed>) = 0 [pid 5917] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5917] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5917] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5915] <... futex resumed>) = 1 [pid 5915] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5915] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5917] <... futex resumed>) = 0 [pid 5917] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5917] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5917] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5915] <... futex resumed>) = 1 [pid 5915] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5915] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5917] <... futex resumed>) = 0 [pid 5917] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5915] <... futex resumed>) = 1 [pid 5915] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5916] <... ioctl resumed>) = 0 [pid 5916] close(3) = 0 [pid 5916] mkdir("./file1", 0777) = 0 [pid 5916] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5917] <... write resumed>) = 262144 [pid 5917] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5915] <... futex resumed>) = 0 [pid 5917] <... futex resumed>) = 1 [pid 5917] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5916] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5916] ioctl(5, LOOP_CLR_FD) = 0 [pid 5916] close(5) = 0 [pid 5916] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5916] futex(0x7f81bb2896c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5915] exit_group(0 [pid 5917] <... futex resumed>) = ? [pid 5916] <... futex resumed>) = ? [pid 5915] <... exit_group resumed>) = ? [pid 5917] +++ exited with 0 +++ [pid 5916] +++ exited with 0 +++ [pid 5915] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5915, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./225", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./225", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./225/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./225/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./225/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./225/bus") = 0 umount2("./225/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./225/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./225/binderfs") = 0 umount2("./225/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./225/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./225/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./225/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./225/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./225") = 0 mkdir("./226", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 74.929737][ T5916] loop0: detected capacity change from 0 to 512 [ 74.944314][ T5916] EXT4-fs (loop0): VFS: Can't find ext4 filesystem clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5918 ./strace-static-x86_64: Process 5918 attached [pid 5918] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5918] chdir("./226") = 0 [pid 5918] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5918] setpgid(0, 0) = 0 [pid 5918] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5918] write(3, "1000", 4) = 4 [pid 5918] close(3) = 0 [pid 5918] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5918] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5918] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5918] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5918] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5918] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5918] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5918] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5919 attached => {parent_tid=[5919]}, 88) = 5919 [pid 5919] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5918] rt_sigprocmask(SIG_SETMASK, [], [pid 5919] <... rseq resumed>) = 0 [pid 5919] set_robust_list(0x7f81bb1be9a0, 24 [pid 5918] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5919] <... set_robust_list resumed>) = 0 [pid 5918] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5919] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5918] <... futex resumed>) = 0 [pid 5919] memfd_create("syzkaller", 0 [pid 5918] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5918] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5919] <... memfd_create resumed>) = 3 [pid 5918] <... mmap resumed>) = 0x7f81bb17d000 [pid 5919] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d7d000 [pid 5918] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5919] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5918] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5918] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0} => {parent_tid=[5920]}, 88) = 5920 [pid 5918] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5918] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5918] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5920 attached [pid 5920] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053) = 0 [pid 5920] set_robust_list(0x7f81bb19d9a0, 24) = 0 [pid 5920] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5920] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5920] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5919] <... write resumed>) = 262144 [pid 5920] <... futex resumed>) = 1 [pid 5919] munmap(0x7f81b2d7d000, 262144 [pid 5918] <... futex resumed>) = 0 [pid 5920] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5919] <... munmap resumed>) = 0 [pid 5918] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5920] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5919] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5918] <... futex resumed>) = 0 [pid 5920] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5919] <... openat resumed>) = 5 [pid 5918] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5919] ioctl(5, LOOP_SET_FD, 3 [pid 5920] <... mount resumed>) = 0 [pid 5920] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5919] <... ioctl resumed>) = 0 [pid 5919] close(3) = 0 [pid 5919] mkdir("./file1", 0777 [pid 5920] <... futex resumed>) = 1 [pid 5919] <... mkdir resumed>) = 0 [pid 5918] <... futex resumed>) = 0 [pid 5920] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5919] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5918] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5920] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5918] <... futex resumed>) = 0 [pid 5920] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5918] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5920] <... open resumed>) = 3 [pid 5920] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5918] <... futex resumed>) = 0 [pid 5920] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5918] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5920] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5918] <... futex resumed>) = 0 [pid 5920] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5918] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5920] <... write resumed>) = 262144 [pid 5920] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5918] <... futex resumed>) = 0 [pid 5920] <... futex resumed>) = 1 [pid 5920] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5919] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5919] ioctl(5, LOOP_CLR_FD) = 0 [pid 5919] close(5) = 0 [pid 5919] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5918] exit_group(0) = ? [pid 5920] <... futex resumed>) = ? [pid 5920] +++ exited with 0 +++ [pid 5919] <... futex resumed>) = ? [pid 5919] +++ exited with 0 +++ [pid 5918] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5918, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./226", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./226", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./226/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./226/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./226/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./226/bus") = 0 umount2("./226/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./226/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./226/binderfs") = 0 umount2("./226/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./226/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./226/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./226/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./226/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./226") = 0 mkdir("./227", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eda690) = 5921 ./strace-static-x86_64: Process 5921 attached [pid 5921] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5921] chdir("./227") = 0 [pid 5921] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5921] setpgid(0, 0) = 0 [pid 5921] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5921] write(3, "1000", 4) = 4 [pid 5921] close(3) = 0 [pid 5921] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5921] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5921] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5921] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5921] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5921] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5921] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5921] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5922 attached => {parent_tid=[5922]}, 88) = 5922 [pid 5922] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5921] rt_sigprocmask(SIG_SETMASK, [], [pid 5922] <... rseq resumed>) = 0 [pid 5921] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5922] set_robust_list(0x7f81bb1be9a0, 24 [pid 5921] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5922] <... set_robust_list resumed>) = 0 [pid 5921] <... futex resumed>) = 0 [pid 5922] rt_sigprocmask(SIG_SETMASK, [], [pid 5921] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5922] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5921] <... futex resumed>) = 0 [pid 5922] memfd_create("syzkaller", 0 [pid 5921] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5922] <... memfd_create resumed>) = 3 [pid 5922] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5921] <... mmap resumed>) = 0x7f81bb17d000 [pid 5922] <... mmap resumed>) = 0x7f81b2d7d000 [pid 5921] mprotect(0x7f81bb17e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5921] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5922] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5921] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb19d990, parent_tid=0x7f81bb19d990, exit_signal=0, stack=0x7f81bb17d000, stack_size=0x20300, tls=0x7f81bb19d6c0}./strace-static-x86_64: Process 5923 attached [pid 5922] <... write resumed>) = 262144 [pid 5922] munmap(0x7f81b2d7d000, 262144 [pid 5923] rseq(0x7f81bb19dfe0, 0x20, 0, 0x53053053 [pid 5922] <... munmap resumed>) = 0 [pid 5921] <... clone3 resumed> => {parent_tid=[5923]}, 88) = 5923 [pid 5923] <... rseq resumed>) = 0 [pid 5921] rt_sigprocmask(SIG_SETMASK, [], [pid 5923] set_robust_list(0x7f81bb19d9a0, 24 [pid 5921] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5923] <... set_robust_list resumed>) = 0 [pid 5921] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5923] rt_sigprocmask(SIG_SETMASK, [], [pid 5921] <... futex resumed>) = 0 [pid 5923] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5921] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5923] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [ 75.006950][ T5919] loop0: detected capacity change from 0 to 512 [ 75.025242][ T5919] EXT4-fs warning (device loop0): read_mmp_block:115: Error -117 while reading MMP block 8 [pid 5922] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5922] ioctl(5, LOOP_SET_FD, 3 [pid 5923] <... open resumed>) = 4 [pid 5923] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5921] <... futex resumed>) = 0 [pid 5923] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5921] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5923] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5921] <... futex resumed>) = 0 [pid 5923] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5921] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5923] <... mount resumed>) = 0 [pid 5922] <... ioctl resumed>) = 0 [pid 5923] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5922] close(3 [pid 5921] <... futex resumed>) = 0 [pid 5923] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5922] <... close resumed>) = 0 [pid 5921] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5923] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5922] mkdir("./file1", 0777 [pid 5921] <... futex resumed>) = 0 [pid 5923] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5921] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5923] <... open resumed>) = 3 [pid 5922] <... mkdir resumed>) = 0 [pid 5923] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5922] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5921] <... futex resumed>) = 0 [pid 5923] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5921] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5921] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5923] <... write resumed>) = 262144 [pid 5923] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5921] <... futex resumed>) = 0 [pid 5923] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5922] <... mount resumed>) = 0 [pid 5922] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 6 [pid 5922] chdir("./file1") = 0 [pid 5922] ioctl(5, LOOP_CLR_FD) = 0 [pid 5922] close(5) = 0 [pid 5922] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] exit_group(0 [pid 5923] <... futex resumed>) = ? [pid 5922] <... futex resumed>) = ? [pid 5921] <... exit_group resumed>) = ? [pid 5923] +++ exited with 0 +++ [pid 5922] +++ exited with 0 +++ [pid 5921] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5921, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./227", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./227", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556edb730 /* 5 entries */, 32768) = 136 umount2("./227/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./227/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./227/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./227/bus") = 0 umount2("./227/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./227/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./227/binderfs") = 0 umount2("./227/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./227/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./227/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./227/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 75.071024][ T5922] loop0: detected capacity change from 0 to 512 [ 75.100004][ T5922] EXT4-fs (loop0): 1 orphan inode deleted [ 75.108177][ T5922] ext4 filesystem being mounted at /root/syzkaller.p0uXmg/227/file1 supports timestamps until 2038-01-19 (0x7fffffff) openat(AT_FDCWD, "./227/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556ee3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ee3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./227/file1") = 0 getdents64(3, 0x555556edb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./227") = 0 mkdir("./228", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5926 attached , child_tidptr=0x555556eda690) = 5926 [pid 5926] set_robust_list(0x555556eda6a0, 24) = 0 [pid 5926] chdir("./228") = 0 [pid 5926] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5926] setpgid(0, 0) = 0 [pid 5926] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5926] write(3, "1000", 4) = 4 [pid 5926] close(3) = 0 [pid 5926] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5926] futex(0x7f81bb2896cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5926] rt_sigaction(SIGRT_1, {sa_handler=0x7f81bb228030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f81bb2191e0}, NULL, 8) = 0 [pid 5926] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5926] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81bb19e000 [pid 5926] mprotect(0x7f81bb19f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5926] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5926] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81bb1be990, parent_tid=0x7f81bb1be990, exit_signal=0, stack=0x7f81bb19e000, stack_size=0x20300, tls=0x7f81bb1be6c0}./strace-static-x86_64: Process 5927 attached [pid 5927] rseq(0x7f81bb1befe0, 0x20, 0, 0x53053053 [pid 5926] <... clone3 resumed> => {parent_tid=[5927]}, 88) = 5927 [pid 5927] <... rseq resumed>) = 0 [pid 5927] set_robust_list(0x7f81bb1be9a0, 24 [pid 5926] rt_sigprocmask(SIG_SETMASK, [], [pid 5927] <... set_robust_list resumed>) = 0 [pid 5926] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5926] futex(0x7f81bb2896c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5927] rt_sigprocmask(SIG_SETMASK, [], [pid 5926] <... futex resumed>) = 0 [pid 5927] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5927] memfd_create("syzkaller", 0) = 3 [pid 5927] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b2d9e000 [pid 5926] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5926] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f81b2d7d000 [pid 5926] mprotect(0x7f81b2d7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5926] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5927] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5926] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5926] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f81b2d9d990, parent_tid=0x7f81b2d9d990, exit_signal=0, stack=0x7f81b2d7d000, stack_size=0x20300, tls=0x7f81b2d9d6c0} => {parent_tid=[5928]}, 88) = 5928 [pid 5926] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5926] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5926] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5927] <... write resumed>) = 262144 [pid 5927] munmap(0x7f81b2d9e000, 262144./strace-static-x86_64: Process 5928 attached [pid 5928] rseq(0x7f81b2d9dfe0, 0x20, 0, 0x53053053) = 0 [pid 5928] set_robust_list(0x7f81b2d9d9a0, 24) = 0 [pid 5927] <... munmap resumed>) = 0 [pid 5928] rt_sigprocmask(SIG_SETMASK, [], [pid 5927] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5928] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5928] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5927] <... openat resumed>) = 4 [pid 5927] ioctl(4, LOOP_SET_FD, 3 [pid 5928] <... open resumed>) = 5 [pid 5927] <... ioctl resumed>) = 0 [pid 5928] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5926] <... futex resumed>) = 0 [pid 5928] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5926] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5928] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5926] <... futex resumed>) = 0 [pid 5928] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5926] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5928] <... mount resumed>) = 0 [pid 5928] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5927] close(3) = 0 [pid 5927] mkdir("./file1", 0777 [pid 5928] <... futex resumed>) = 1 [pid 5926] <... futex resumed>) = 0 [pid 5928] futex(0x7f81bb2896d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5926] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5928] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5926] <... futex resumed>) = 0 [pid 5926] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5928] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 3 [pid 5927] <... mkdir resumed>) = 0 [pid 5928] futex(0x7f81bb2896dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5927] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "bsddf,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_all"... [pid 5926] <... futex resumed>) = 0 [pid 5928] <... futex resumed>) = 1 [pid 5926] futex(0x7f81bb2896d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5928] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 75.187814][ T5927] loop0: detected capacity change from 0 to 512 [ 75.206448][ T5928] ------------[ cut here ]------------ [ 75.211921][ T5928] kernel BUG at fs/buffer.c:2028! [ 75.217299][ T5928] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 75.223370][ T5928] CPU: 0 PID: 5928 Comm: syz-executor212 Not tainted 6.5.0-syzkaller-11329-g708283abf896 #0 [pid 5926] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5926] futex(0x7f81bb2896dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 75.233414][ T5928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 [ 75.243451][ T5928] RIP: 0010:__block_write_begin_int+0x18f7/0x1a40 [ 75.249862][ T5928] Code: 9f 0c 85 ff 48 8b 7c 24 08 48 c7 c6 e0 24 18 8b e8 5e 8a c6 ff 0f 0b e8 87 0c 85 ff eb 13 e8 80 0c 85 ff eb c7 e8 79 0c 85 ff <0f> 0b e8 72 0c 85 ff 48 8b 7c 24 08 48 c7 c6 e0 24 18 8b e8 31 8a [ 75.269467][ T5928] RSP: 0018:ffffc9000583f520 EFLAGS: 00010293 [ 75.275527][ T5928] RAX: ffffffff82088147 RBX: 0000000000040000 RCX: ffff888023368000 [ 75.283489][ T5928] RDX: 0000000000000000 RSI: 0000000000040000 RDI: 00000000000f8000 [ 75.291446][ T5928] RBP: ffffc9000583f6b0 R08: ffffffff820871b2 R09: 1ffff1100eeda83a [ 75.299406][ T5928] R10: dffffc0000000000 R11: ffffed100eeda83b R12: 00000000000f8000 [ 75.307371][ T5928] R13: 0000000000000400 R14: 0000000000000000 R15: ffff8880776d41d0 [ 75.315376][ T5928] FS: 00007f81b2d9d6c0(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 75.324300][ T5928] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.330902][ T5928] CR2: 00007f81bb1bf000 CR3: 0000000078b88000 CR4: 00000000003506f0 [ 75.338957][ T5928] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 75.346926][ T5928] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 75.354898][ T5928] Call Trace: [ 75.358167][ T5928] [ 75.361097][ T5928] ? __die_body+0x8b/0xe0 [ 75.365421][ T5928] ? die+0xa1/0xd0 [ 75.369220][ T5928] ? do_trap+0x153/0x380 [ 75.373452][ T5928] ? __block_write_begin_int+0x18f7/0x1a40 [ 75.379246][ T5928] ? do_error_trap+0x1dc/0x2c0 [ 75.384000][ T5928] ? __block_write_begin_int+0x18f7/0x1a40 [ 75.389793][ T5928] ? do_int3+0x50/0x50 [ 75.393850][ T5928] ? report_bug+0x3e4/0x500 [ 75.398349][ T5928] ? handle_invalid_op+0x34/0x40 [ 75.403273][ T5928] ? __block_write_begin_int+0x18f7/0x1a40 [ 75.409066][ T5928] ? exc_invalid_op+0x33/0x50 [ 75.413730][ T5928] ? asm_exc_invalid_op+0x1a/0x20 [ 75.418751][ T5928] ? __block_write_begin_int+0x962/0x1a40 [ 75.424455][ T5928] ? __block_write_begin_int+0x18f7/0x1a40 [ 75.430247][ T5928] ? __block_write_begin_int+0x18f7/0x1a40 [ 75.436049][ T5928] ? folio_add_lru+0x6f0/0x6f0 [ 75.440810][ T5928] ? folio_zero_new_buffers+0x530/0x530 [ 75.446346][ T5928] ? __filemap_get_folio+0x8f1/0xbb0 [ 75.451621][ T5928] iomap_write_begin+0xaf6/0x1f00 [ 75.456821][ T5928] ? lock_release+0xbf/0x9d0 [ 75.461405][ T5928] ? bio_next_folio+0x630/0x630 [ 75.466416][ T5928] ? rcu_is_watching+0x15/0xb0 [ 75.471174][ T5928] ? lock_release+0xbf/0x9d0 [ 75.475755][ T5928] ? read_lock_is_recursive+0x20/0x20 [ 75.481118][ T5928] ? __folio_memcg_unlock+0xfd/0x110 [ 75.486386][ T5928] ? __lock_acquire+0x7f70/0x7f70 [ 75.491397][ T5928] ? fault_in_readable+0x1a6/0x2b0 [ 75.496495][ T5928] ? fault_in_safe_writeable+0x260/0x260 [ 75.502115][ T5928] ? __iomap_put_folio+0x12f/0x170 [ 75.507220][ T5928] ? fault_in_iov_iter_readable+0xdf/0x280 [ 75.513016][ T5928] iomap_file_buffered_write+0x587/0x1020 [ 75.518736][ T5928] ? iomap_set_range_dirty+0x1e0/0x1e0 [ 75.524201][ T5928] ? __mark_inode_dirty+0x3e7/0xd90 [ 75.529390][ T5928] ? preempt_count_add+0x93/0x180 [ 75.534401][ T5928] ? __mnt_drop_write_file+0xbb/0x100 [ 75.539761][ T5928] ? file_update_time+0x19c/0x1b0 [ 75.544781][ T5928] blkdev_write_iter+0x41d/0x5c0 [ 75.549718][ T5928] vfs_write+0x782/0xaf0 [ 75.553951][ T5928] ? file_end_write+0x250/0x250 [ 75.558792][ T5928] ? __fget_files+0x3cf/0x440 [ 75.563464][ T5928] ? __fdget_pos+0x1df/0x340 [ 75.568044][ T5928] ? ksys_write+0x7b/0x2c0 [ 75.572447][ T5928] ksys_write+0x1a0/0x2c0 [ 75.576765][ T5928] ? __ia32_sys_read+0x90/0x90 [ 75.581522][ T5928] ? rcu_is_watching+0x15/0xb0 [ 75.586275][ T5928] ? syscall_enter_from_user_mode+0x8c/0x230 [ 75.592245][ T5928] do_syscall_64+0x41/0xc0 [ 75.596650][ T5928] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 75.602528][ T5928] RIP: 0033:0x7f81bb201c19 [ 75.606927][ T5928] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 75.626516][ T5928] RSP: 002b:00007f81b2d9d218 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 75.634917][ T5928] RAX: ffffffffffffffda RBX: 00007f81bb2896d8 RCX: 00007f81bb201c19 [ 75.642875][ T5928] RDX: 000000000208e24b RSI: 00000000200001c0 RDI: 0000000000000003 [ 75.650830][ T5928] RBP: 00007f81bb2896d0 R08: 0000000000000000 R09: 0000000000000000 [ 75.658787][ T5928] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f81bb256578 [ 75.666757][ T5928] R13: 0000000000000006 R14: 0031656c69662f2e R15: 6f6f6c2f7665642f [ 75.674720][ T5928] [ 75.677726][ T5928] Modules linked in: [ 75.681805][ T5928] ---[ end trace 0000000000000000 ]--- [ 75.687404][ T5928] RIP: 0010:__block_write_begin_int+0x18f7/0x1a40 [ 75.693848][ T5928] Code: 9f 0c 85 ff 48 8b 7c 24 08 48 c7 c6 e0 24 18 8b e8 5e 8a c6 ff 0f 0b e8 87 0c 85 ff eb 13 e8 80 0c 85 ff eb c7 e8 79 0c 85 ff <0f> 0b e8 72 0c 85 ff 48 8b 7c 24 08 48 c7 c6 e0 24 18 8b e8 31 8a [ 75.713569][ T5928] RSP: 0018:ffffc9000583f520 EFLAGS: 00010293 [ 75.719695][ T5928] RAX: ffffffff82088147 RBX: 0000000000040000 RCX: ffff888023368000 [ 75.727929][ T5928] RDX: 0000000000000000 RSI: 0000000000040000 RDI: 00000000000f8000 [ 75.736062][ T5928] RBP: ffffc9000583f6b0 R08: ffffffff820871b2 R09: 1ffff1100eeda83a [ 75.744048][ T5928] R10: dffffc0000000000 R11: ffffed100eeda83b R12: 00000000000f8000 [ 75.752223][ T5928] R13: 0000000000000400 R14: 0000000000000000 R15: ffff8880776d41d0 [ 75.760381][ T5928] FS: 00007f81b2d9d6c0(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 75.769455][ T5928] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.776076][ T5928] CR2: 00007f81bb1bf000 CR3: 0000000078b88000 CR4: 00000000003506f0 [ 75.784058][ T5928] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 75.792072][ T5928] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 75.800074][ T5928] Kernel panic - not syncing: Fatal exception [ 75.806320][ T5928] Kernel Offset: disabled [ 75.810627][ T5928] Rebooting in 86400 seconds..